🚀 Feature: Ability to customize access token expiration #350

Closed
opened 2025-10-09 16:41:20 +03:00 by OVERLORD · 9 comments
Owner

Originally created by @buchwasa on GitHub.

Feature description

The feature is to be able to customize the expiration of the access token per OIDC client.

Pitch

Right now, I utilize a client that strictly adheres to access token expiration and it defaults to 60 minutes each time, and it would be nice to be able to customize it so I don't have to log back in every 60 minutes.

OVERLORD added the feature label 2025-10-09 16:41:20 +03:00
Author
Owner

@stonith404 commented on GitHub:

@buchwasa No worries, which client are you referring to?

Author
Owner

@kmendell commented on GitHub:

@stonith404 I think this is what they are referring to in the OIDC spec: https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens

Author
Owner

@stonith404 commented on GitHub:

Which client signs you out when the access token has expired? Because the OIDC spec doesn't mention anything that the user should be signed out when the access token expires.

Author
Owner

@stonith404 commented on GitHub:

I'm not planning to implement this because this isn't a behavior recommended by OIDC.

I would recommend creating an issue in the repo of the client that the session duration should be configurable.

Author
Owner

@buchwasa commented on GitHub:

Hi, I'm so sorry, I totally misread the whole thing when I initially wrote up this issue, my apologies. The issue I was running into is the client is looking for a refresh token to stay authenticated but since pocket-id doesn't issue one, it utilizes the access token

Author
Owner

@stonith404 commented on GitHub:

@buchwasa Did you set `SSO_AUTH_ONLY_NOT_SESSION` to `true` in Vaultwarden?

Author
Owner

@kmendell commented on GitHub:

@buchwasa I didn't even know VW has SSO, but I found it and set it up and so far I have had no issues with it. Can you tell me exactly where you are having the issues?

Author
Owner

@buchwasa commented on GitHub:

VW has SSO on a PR, but the issue is that since pocket-id doesn't send a refresh token, VW uses the access token and expires after an hour

Author
Owner

@buchwasa commented on GitHub:

The specific client is Vaultwarden; the link that @kmendell sent is what I was referring to.

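The behaviour the thread converges on is a client-side one: when the token endpoint returns no `refresh_token`, a client such as the one described here has nothing to renew the session with, so the access token's expiry (the `exp` claim, or `expires_in`) becomes the effective session length. The following Python sketch is an added illustration of that decision, not code from pocket-id, Vaultwarden or any commenter; the token response, the unsigned JWT and the timestamps are all constructed for the example, and a real client must verify the token signature before trusting any claim.

```python
import base64
import json
import time

# ---------------------------------------------------------------------------
# Constructed helpers: build an *unsigned* JWT ("alg": "none") so the payload
# can be decoded offline. This exists only to fabricate sample input; nothing
# here should be used to mint or accept real tokens.
# ---------------------------------------------------------------------------
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT for inspection only.

    No signature check is performed here; a client relying on these claims
    for authorization decisions must validate the JWS first.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def seconds_until_expiry(token_response: dict, now: int) -> int:
    """Remaining access-token lifetime in seconds.

    Prefers the JWT `exp` claim when the access token is a decodable JWT,
    otherwise falls back to the `expires_in` hint from the token response
    (opaque access tokens carry no readable expiry).
    """
    exp = None
    try:
        exp = decode_jwt_payload(token_response["access_token"]).get("exp")
    except (KeyError, ValueError):  # missing token, opaque token, bad base64/JSON
        exp = None
    if exp is None:
        exp = now + int(token_response.get("expires_in", 0))
    return max(0, int(exp) - now)


def session_strategy(token_response: dict, now: int) -> tuple:
    """What the client can do when the access token runs out.

    Returns ("refresh", seconds) when a refresh token is present, meaning the
    session can be renewed silently at that point, or ("reauthenticate",
    seconds) when the access-token expiry is the hard end of the session,
    which is the behaviour reported in this thread.
    """
    remaining = seconds_until_expiry(token_response, now)
    if token_response.get("refresh_token"):
        return ("refresh", remaining)
    return ("reauthenticate", remaining)


# Constructed sample responses (not from any real identity provider).
NOW = 1_700_000_000
RESPONSE_WITHOUT_REFRESH = {
    "access_token": make_unsigned_jwt({"sub": "example-user", "exp": NOW + 3600}),
    "token_type": "Bearer",
    "expires_in": 3600,
}
RESPONSE_WITH_REFRESH = dict(RESPONSE_WITHOUT_REFRESH, refresh_token="constructed-refresh-token")
RESPONSE_OPAQUE = {"access_token": "opaque-handle", "token_type": "Bearer", "expires_in": 900}


if __name__ == "__main__":
    for name, resp in (("no refresh token", RESPONSE_WITHOUT_REFRESH),
                       ("refresh token", RESPONSE_WITH_REFRESH),
                       ("opaque token", RESPONSE_OPAQUE)):
        action, secs = session_strategy(resp, NOW)
        print(f"{name:>18}: {action} in {secs}s")
```

Run stand-alone, the first sample reports `reauthenticate in 3600s`, which is the 60-minute re-login described in the issue; the same token response with a `refresh_token` present reports `refresh in 3600s` instead, and the opaque token falls back to `expires_in`.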

Reference: starred/pocket-id-pocket-id-2#350