Customizing Token Expiration

Imir Kiyamov edited this page Apr 19, 2019 · 9 revisions

Access Grant

By default, access grants expire in 10 minutes. You can change this setting in the configuration:

Doorkeeper.configure do
  authorization_code_expires_in 20.minutes
end

DO NOT set this option to nil. This token should always expire in a short time.

Access Token

By default, all access tokens expire in 2 hours. You can change this in the configuration:

Doorkeeper.configure do
  access_token_expires_in 4.hours
end

If you set the option to nil, the access token will never expire (not recommended).

If you need a custom expiration time, you can use the custom_access_token_expires_in configuration option:

Doorkeeper.configure do
  # ...

  # For Doorkeeper < 5.0
  custom_access_token_expires_in do |app|
    # `condition` is a placeholder for your own check; return the TTL in seconds
    condition ? 2.hours.to_i : 15.minutes.to_i
  end
end

IMPORTANT: if this configuration block returns nil, Doorkeeper takes the value from the access_token_expires_in configuration option (or its default). Starting from Doorkeeper 5.1.x, you can return Float::INFINITY from this block if you really need to issue a non-expiring token (not recommended; use a short lifetime instead).

Starting from Doorkeeper 5.0 (pull/1049, pull/1102) you can access client, grant_type and scopes when generating custom token TTL:

Doorkeeper.configure do
  # ...

  custom_access_token_expires_in do |context|
    # context.grant_type for grant_type, context.client for client, context.scopes for scopes
    if context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS # see Doorkeeper::OAuth::GRANT_TYPES for other types
      2.hours.to_i
    else
      15.minutes.to_i
    end
  end
end
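
The following is an added example, not part of the Doorkeeper wiki or code base: a TTL policy in plain Ruby that the custom_access_token_expires_in block can delegate to, so the nil fallback and the "never infinite" rule can be unit-tested outside Rails. The TokenContext struct, the scope names and the TTL values are assumptions made for illustration; only grant_type, client and scopes come from the page.

```ruby
# Stand-in for the context object Doorkeeper >= 5.0 yields to the block.
# The page names grant_type, client and scopes as its readers; here scopes
# is a plain array of strings (assumption for the example).
TokenContext = Struct.new(:grant_type, :client, :scopes)

# String value of Doorkeeper::OAuth::CLIENT_CREDENTIALS.
CLIENT_CREDENTIALS = 'client_credentials'

# Hypothetical scopes mapped to the longest lifetime (in seconds) a token
# carrying that scope may have. More sensitive scopes get shorter TTLs.
SCOPE_TTL = {
  'admin' => 5 * 60,
  'write' => 15 * 60,
  'read'  => 60 * 60
}.freeze

# Upper bound per grant type, mirroring the 2 hours / 15 minutes split above.
GRANT_TTL_CAP = { CLIENT_CREDENTIALS => 2 * 60 * 60 }.freeze
DEFAULT_CAP = 15 * 60

# Returns an Integer TTL in seconds, or nil so that Doorkeeper falls back
# to access_token_expires_in. It never returns Float::INFINITY.
def token_ttl(context)
  scopes = context.scopes.to_a.map(&:to_s)
  return nil if scopes.empty? # nothing to decide on: use the global default

  cap = GRANT_TTL_CAP.fetch(context.grant_type, DEFAULT_CAP)
  # The most sensitive scope decides; unknown scopes get the shortest TTL.
  shortest = scopes.map { |s| SCOPE_TTL.fetch(s, SCOPE_TTL.values.min) }.min
  [cap, shortest].min
end

# In the initializer (not executed in this stand-alone example):
#   Doorkeeper.configure do
#     custom_access_token_expires_in { |context| token_ttl(context) }
#   end
```
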

Refresh Token

Unlike access grants and access tokens, refresh tokens do not have a TTL expiration.
