[10.x] Define token lifetimes as DateInterval instead of DateTime #1496
Conversation
DeepDiver1975
force-pushed
the
feat/specify-token-lifetimes-as-intervals
branch
from
47e22e7 to
908b16a
Compare
…ovides an easier use in a Laravel Octane deployment
DeepDiver1975
force-pushed
the
feat/specify-token-lifetimes-as-intervals
branch
from
908b16a to
0502520
Compare
driesvints
changed the title
|
Hmm you're right this is indeed an issue. However, this would be a breaking change here. I think the correct course of action here is to use your suggestion from the issue to use an event handler like Socialite: So could you PR that instead to Octane? I do think you're correct about the behavior. Adding an interval or time in seconds is probably a better way to deal with this than setting a DateTime instance. |
I was thinking about this already as well .... but what operation/logic should be executed on Passport? That seems straight forward but will degrade the life time over time. Passport::tokensExpireIn(Passport::tokensExpireIn());
...I don't think this can be fixed without a change in Passport. |
|
I'll need to have a look myself. Hopefully later this week. |
|
One idea could be to compute the DateInterval upon calling tokensExpireIn($date) and store the interval instead of the expire date. tokensExpireAt is public so we need second property ... unless this is not considered a BC break. |
|
@DeepDiver1975 You were correct, it's best that we solve this in Passport. I took a different approach however, one that's not breaking. Can you review #1500 and let me know if that looks good to you? |
|
Replaced by #1500. @DeepDiver1975 should be out on Tuesday somewhere. |
Provides an easier use in a Laravel Octane deployment
see laravel/framework#39366
Background
Passport::tokensExpireIn, Passport::refreshTokensExpireIn and Passport::personalAccessTokensExpireIn use explicit datetimes.
These methods are usually called in AuthServiceProvider.
Problem
With octane service providers are called once on startup which means that the explicit expiry datetimes are sent on startup and never being updated. As a result the longer an octane instance runs the shorter the token lifetimes get.