OAuth2 tokens configuration for frontend client

refresh token TTL 5 days (+ disabled reuse of refresh tokens) acces token TTL 1 hour
zabiny · Sep 9, 2024 · 9302295 · 9302295
1 parent 06b2afc
commit 9302295
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
@@ -62,6 +62,11 @@ spring:
                 - "openid"
                 - "profile"
                 - "email"
+            require-proof-key: true
+            token:
+              reuse-refresh-tokens: false
+              refresh-token-time-to-live: P5D   # 5 days
+              access-token-time-to-live: PT1H   # 1 hour
           2000:
             registration:
               client-id: "test"
@@ -86,6 +91,10 @@ spring:
                 - "profile"
                 - "email"
           #            require-authorization-consent: true
+            token:
+              reuse-refresh-tokens: false
+              refresh-token-time-to-live: P5D   # 5 days
+              access-token-time-to-live: PT1H   # 1 hour
           3000:
             registration:
               client-id: "apispec"