Update jwt.helper.js to increase Github JWT Token duration #712
Conversation
Update access token and refresh token duration. Access token updated to 1 day from 5 minutes. Refresh token updated to 7 days from 24 hours.
There was a problem hiding this comment.
thanks @HugoReeves , these changes make good sense and I agree with the values for now; 1 day timeout is reasonable if there is no refresh token mechanism. We can probably trim this back to something like 15 minutes when refresh is in place
I had not come across it earlier because I tend to use local login for testing
did you want to raise an issue for the refresh token?
|
there is a failing unit test because it is searching for '5m', did you want to fix that up? otherwise I can modify this I will delay the 2.0.4 release so that we can get this change in |
|
@jgadsden The unit test should be updated now. |
|
do not worry about the failing 'CI pipeline / Build docker image' test, that is a permissions issue |
Summary:
Currently Github users are logged out after 5 minutes. This makes it impossible to save changes without refreshing and losing all unsaved changes. As far as I can tell, refresh tokens have not been implemented currently. Increasing the JWT token duration to 1 day should make it more practical to edit Github models. A longer term solution is to finish implementation of refresh tokens.
Description for the changelog:
Update access token and refresh token duration.
Access token updated to 1 day from 5 minutes.
Refresh token updated to 7 days from 24 hours.
Other info:
None