diff --git a/backend/src/openarchiefbeheer/conf/base.py b/backend/src/openarchiefbeheer/conf/base.py
index f7ad1150..bf4c980d 100644
--- a/backend/src/openarchiefbeheer/conf/base.py
+++ b/backend/src/openarchiefbeheer/conf/base.py
@@ -343,6 +343,7 @@ SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Lax")
 SESSION_COOKIE_SECURE = config("SESSION_COOKIE_SECURE", IS_HTTPS)
 SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_AGE = config("SESSION_COOKIE_AGE", 1209600) # 2 weeks in seconds
 CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Lax")
 CSRF_COOKIE_SECURE = config("CSRF_COOKIE_SECURE", IS_HTTPS)
@@ -637,6 +638,10 @@ OIDC_REDIRECT_ALLOWED_HOSTS = config(
 "OIDC_REDIRECT_ALLOWED_HOSTS", default="", split=True
 )
+# See issue #422 and https://mozilla-django-oidc.readthedocs.io/en/2.0.0/installation.html#validate-id-tokens-by-renewing-them
+OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = config(
+ "OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS", default=60 * 15
+)
 # Django privates
 #
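Review bot: The default on the added `SESSION_COOKIE_AGE` line, 1209600, is the value Django already uses, so session lifetime stays at two weeks unless a deployment sets the variable, and a copied session cookie remains usable for that long. As far as I can tell the ID-token renewal added in the second hunk only re-checks OIDC-backed sessions, so locally authenticated sessions would keep the full two weeks. Consider a shorter default, written out so it can be read at a glance, for example `SESSION_COOKIE_AGE = config("SESSION_COOKIE_AGE", 60 * 60 * 8)  # 8 hours; upper bound on the lifetime of a session cookie`. Whether `config` casts an environment value to `int` is decided in the helper, which is outside this diff, so that is worth confirming.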
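Review bot: `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS` is only read by mozilla-django-oidc's `SessionRefresh` middleware (or a subclass of it), and nothing in this diff adds that middleware to `MIDDLEWARE`; if it is not already listed outside these hunks, the new setting is inert and ID tokens are never re-validated after login. The default `60 * 15` also equals the library's own default, so the added lines only introduce the environment override. I would extend the comment above the setting to record both facts, for example `# Only effective with mozilla_django_oidc.middleware.SessionRefresh in MIDDLEWARE; 15 minutes is the library default.` It is also worth checking that the frontend handles the response the middleware gives to background requests once a token is due for renewal, since that path is not visible here.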