adjust refresh token lifetimes

bitwarden · Jan 23, 2024 · 74f8cd5 · 74f8cd5
1 parent 26ee43b
commit 74f8cd5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/Identity/IdentityServer/ApiClient.cs b/src/Identity/IdentityServer/ApiClient.cs
@@ -15,7 +15,7 @@ public ApiClient(
         ClientId = id;
         AllowedGrantTypes = new[] { GrantType.ResourceOwnerPassword, GrantType.AuthorizationCode, WebAuthnGrantValidator.GrantType };
         RefreshTokenExpiration = TokenExpiration.Sliding;
-        RefreshTokenUsage = TokenUsage.ReUse;
+        RefreshTokenUsage = TokenUsage.OneTimeOnly;
         SlidingRefreshTokenLifetime = 86400 * refreshTokenSlidingDays;
         AbsoluteRefreshTokenLifetime = 0; // forever
         UpdateAccessTokenClaimsOnRefresh = true;

diff --git a/src/Identity/IdentityServer/StaticClientStore.cs b/src/Identity/IdentityServer/StaticClientStore.cs
@@ -10,8 +10,8 @@ public StaticClientStore(GlobalSettings globalSettings)
     {
         ApiClients = new List<Client>
         {
-            new ApiClient(globalSettings, BitwardenClient.Mobile, 90, 1),
-            new ApiClient(globalSettings, BitwardenClient.Web, 30, 1),
+            new ApiClient(globalSettings, BitwardenClient.Mobile, 60, 1),
+            new ApiClient(globalSettings, BitwardenClient.Web, 7, 1),
             new ApiClient(globalSettings, BitwardenClient.Browser, 30, 1),
             new ApiClient(globalSettings, BitwardenClient.Desktop, 30, 1),
             new ApiClient(globalSettings, BitwardenClient.Cli, 30, 1),