Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User-based token_lifespan instead #1562

Open
gustiando opened this issue Oct 27, 2022 · 0 comments
Open

User-based token_lifespan instead #1562

gustiando opened this issue Oct 27, 2022 · 0 comments

Comments

@gustiando
Copy link

gustiando commented Oct 27, 2022

Hello, one important step before filing an issue is to share reproducible steps. This is exactly where we're having trouble with; the bug below only happens in production.

The issue is once we shorten the token_lifespan from 2 weeks to 30 minutes (or 1800). It gives users http 500s and failing to reset their passwords.

One idea is to set the lifespan to a specific user. So we can either isolate the bug and/or the fix before rolling it out to everybody else. If nobody has other ideas, How can we set different token_lifespan for a user with Devise?

Example of what we see in the prod logs:

NoMethodError: undefined method `[]' for nil:NilClass

    args[:expiry] = tokens[args[:client_id]]['expiry']
                                            ^^^^^^^^^^

Screen Shot 2022-10-27 at 12 55 20 PM

Our configuration:

DeviseTokenAuth.setup do |config|
  config.change_headers_on_each_request = true
  config.token_lifespan = ENV.fetch('TOKEN_LIFESPAN', 1800).to_i
  config.token_cost = Rails.env.test? ? 4 : 10
  config.batch_request_buffer_throttle = 10.seconds
  config.default_callbacks = false
  config.bypass_sign_in = false
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant