From db1ad2de95b86fd5958554709bb4e5ddcd12f78b Mon Sep 17 00:00:00 2001 From: Seth Foster Date: Wed, 2 Oct 2019 13:35:23 -0400 Subject: [PATCH] Set REFRESH_TOKEN_EXPIRE_SECONDS - Set OAUTH2 REFRESH_TOKEN_EXPIRE_SECONDS to 1 month (2628000 seconds) - If not set, awx-manage cleartokens, or cleanup_tokens, will not work properly - Once cleartokens is run, this setting is the amount of time after an access token expires that we keep its refresh token in the database --- awx/settings/defaults.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index f81b97a325..a2b1e9926b 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -338,7 +338,8 @@ OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'main.OAuth2AccessToken' OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken' OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, - 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600} + 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, + 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000} ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False # LDAP server (default to None to skip using LDAP authentication).