From 783cd649276c472aa3af97dd311eb4766ff3adfb Mon Sep 17 00:00:00 2001
From: Jonas Franz <info@jonasfranz.software>
Date: Fri, 12 Apr 2019 09:50:21 +0200
Subject: Add option to disable refresh token invalidation (#6584)

* Add option to disable refresh token invalidation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add integration tests and remove wrong todos

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix typo

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix tests and add documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>
---
 custom/conf/app.ini.sample | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'custom/conf')

diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index b527e2249a..6dee39ed83 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -680,6 +680,8 @@ ENABLED = true
 ACCESS_TOKEN_EXPIRATION_TIME=3600
 ; Lifetime of an OAuth2 access token in hours
 REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
 ; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
 
-- 
cgit v1.2.3