
Customizing Token Expiration

Rishabh Sairawat edited this page Dec 27, 2018 · 9 revisions

Access Grant

By default, access grants expire in 10 minutes. You can change this setting in the configuration:

Doorkeeper.configure do
  authorization_code_expires_in 20.minutes
end

DO NOT set this option to nil. The access grant (authorization code) should always expire after a short time.

Access Token

By default, all access tokens expire in 2 hours. You can change this in the configuration:

Doorkeeper.configure do
  access_token_expires_in 4.hours
end

If you set the option to nil, the access token will never expire (not recommended).

If you need a custom expiration time, you can use the custom_access_token_expires_in configuration option:

Doorkeeper.configure do
  # ...

  custom_access_token_expires_in do |app|
    # `condition` is a placeholder for your own check (for example, on `app`)
    condition ? 2.hours.to_i : 15.minutes.to_i
  end
end

Starting from Doorkeeper 5.0 (pull/1049, pull/1102), you can access client, grant_type and scopes when generating a custom token TTL:

Doorkeeper.configure do
  # ...

  custom_access_token_expires_in do |context|
    # context.grant_type for grant_type, context.client for client, context.scopes for scopes
    if context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS # see Doorkeeper::OAuth::GRANT_TYPES for other types
      2.hours.to_i
    else
      15.minutes.to_i
    end
  end
end
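
A custom TTL block like the one above can delegate to a small policy function that is testable outside Rails. The following is an added example, not code from the Doorkeeper wiki or project: the scope names, durations and the TokenContext stand-in are assumptions, and the policy relies only on context.grant_type and context.scopes.

```ruby
# Added example: a TTL policy callable from custom_access_token_expires_in.
# Scope names and durations are assumptions chosen for illustration.
DEFAULT_TTL = 15 * 60       # seconds; used for any grant type not listed below
MAX_TTL     = 2 * 60 * 60   # hard ceiling, equal to the 2-hour default
MIN_TTL     = 60            # floor, so the result is never zero or negative

# Longest TTL each grant type may receive.
GRANT_TTL = {
  "client_credentials" => 2 * 60 * 60,
  "authorization_code" => 60 * 60,
  "password"           => 15 * 60
}.freeze

# Hypothetical sensitive scopes: the presence of any one shortens the token.
SCOPE_TTL = {
  "admin" => 5 * 60,
  "write" => 30 * 60
}.freeze

# context must respond to #grant_type and #scopes, like the object that
# Doorkeeper 5.0+ yields to the block.
def access_token_ttl(context)
  candidates = [GRANT_TTL.fetch(context.grant_type.to_s, DEFAULT_TTL)]
  context.scopes.to_a.each do |scope|
    limit = SCOPE_TTL[scope.to_s]
    candidates << limit if limit
  end
  # The most restrictive rule wins; the result is always an Integer
  # between MIN_TTL and MAX_TTL, so the policy never disables expiration.
  candidates.min.clamp(MIN_TTL, MAX_TTL)
end

# Stand-in for Doorkeeper's context so the policy runs without Rails.
TokenContext = Struct.new(:grant_type, :client, :scopes)

# In the Doorkeeper initializer the wiring would be:
#   custom_access_token_expires_in { |context| access_token_ttl(context) }
```

Taking the minimum over all matching rules means that adding a sensitive scope to a request can only shorten the token lifetime, never extend it.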

Refresh Token

Unlike access grants and access tokens, refresh tokens do not have a TTL expiration.
