Add option to disable refresh token invalidation (#6584)

* Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
author: Jonas Franz <info@jonasfranz.software> 2019-04-12 09:50:21 +0200
committer: Lunny Xiao <xiaolunwen@gmail.com> 2019-04-12 15:50:21 +0800
commit: 783cd649276c472aa3af97dd311eb4766ff3adfb (patch)
tree: b5751426ada7ac3c41d2a65d2b023148b751ec08 /custom
parent: 3ff0a126e12109b6c3aceaa229dd1bf229b6ad4b (diff)
download: gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.tar.gz
gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index b527e2249a..6dee39ed83 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -680,6 +680,8 @@ ENABLED = true
 ACCESS_TOKEN_EXPIRATION_TIME=3600
 ; Lifetime of an OAuth2 access token in hours
 REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
 ; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
author	Jonas Franz <info@jonasfranz.software>	2019-04-12 09:50:21 +0200
committer	Lunny Xiao <xiaolunwen@gmail.com>	2019-04-12 15:50:21 +0800
commit	783cd649276c472aa3af97dd311eb4766ff3adfb (patch)
tree	b5751426ada7ac3c41d2a65d2b023148b751ec08 /custom
parent	3ff0a126e12109b6c3aceaa229dd1bf229b6ad4b (diff)
download	gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.tar.gz gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.zip