Page MenuHomePhabricator
Create Task
Maniphest T340921

Make OAuth2 refresh tokens valid for longer than access tokens
Closed, ResolvedPublicBUG REPORT
Actions

Description

Currently $wgOAuth2GrantExpirationInterval has a default value of "PT1H" (one hour) and $wgOAuth2RefreshTokenTTL has a default value of "PT1M" (one minute).

Having refresh tokens expire so much faster than access tokens makes them almost completely useless. Therefore I would like to suggest changing the default value of $wgOAuth2RefreshTokenTTL to something longer like for example "P1M" (one month).

Details

SubjectRepoBranchLines +/-
Fix default refresh token expirymediawiki/extensions/OAuthmaster+5 -12
Customize query in gerrit

Event Timeline

MarkusRost created this task.Jul 2 2023, 8:12 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 2 2023, 8:12 AM
Tgr added a comment.Jul 2 2023, 9:01 PM

FWIW on Wikimedia it's set to P365D.

gerritbot added a comment.Jul 2 2023, 9:12 PM

Change 934713 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/OAuth@master] Fix default refresh token expiry

https://gerrit.wikimedia.org/r/934713

gerritbot added a project: Patch-For-Review.Jul 2 2023, 9:12 PM
MarkusRost added a comment.Jul 2 2023, 9:17 PM
In T340921#8984284, @gerritbot wrote:

Change 934713 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/OAuth@master] Fix default refresh token expiry

https://gerrit.wikimedia.org/r/934713

@Tgr typo in extension.json "T1M" -> "P1M"

gerritbot added a comment.Oct 13 2023, 4:41 PM

Change 934713 merged by jenkins-bot:

[mediawiki/extensions/OAuth@master] Fix default refresh token expiry

https://gerrit.wikimedia.org/r/934713

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.1; 2023-10-17).Oct 13 2023, 5:00 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 13 2023, 5:10 PM
Tgr closed this task as Resolved.Oct 13 2023, 5:51 PM
Tgr claimed this task.
XtexChooser subscribed.Jan 30 2024, 3:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL