V14: Apply sliding window token expiry based on the configured max login lifetime #16028
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
Caution
> The client application needs to make some changes before we merge this PR, as there is a minimum access token lifetime set to 10mins by the library they use, which is not the case with the default 20mins timeout that we support (making it only 5mins for the access token).Test
Umbraco::CMS::Global::TimeOut
to00:04::00
;/umbraco/management/api/v1/security/back-office/authorize
and then/umbraco/management/api/v1/security/back-office/token
);?&scope=offline_access
to make sure you get a refresh token from the/token
endpoint."expires_in": 59,
or60
(seconds);Umbraco::CMS::Global::TimeOut
setting, the value of the"expires_in"
parameter from the response of/umbraco/management/api/v1/security/back-office/token
endpoint also changes accordingly.Note
We can go over the test scenarios together if something doesn't make sense 😉