mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-06 09:13:19 +03:00
🚀 Feature: Decouple Pocket ID session length from OIDC client #199
Originally created by @RealOrangeOne on GitHub.
Feature description
Currently, the session duration of Pocket ID is the same as the session duration for each client. It should be possible to decouple these, possibly by specifying either a single system-wide value, or per-client.
Pitch
For Pocket ID itself, a session duration quite short makes sense, since it shouldn't be logged in to that often, and reducing it helps implement #544.
However, having to re-authenticate with logged-in services every hour (by default) is fairly tedious and doesn't make sense for quite a few services.
@RealOrangeOne commented on GitHub:
I think I meant the refresh token in this case, but as you say if that's already 30 days, there's clearly something else going on, so I'll do some more digging.
@stonith404 commented on GitHub:
The session duration of Pocket ID is not linked to the expiration of the access token that clients receive; the access token expiration is set to one hour.
Clients should use the refresh token provided by Pocket ID, which is valid for 30 days, to renew the access token. As the access token can be refreshed, we're not planning to customize the access token expiration.
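The client-side lifecycle described in the thread (one-hour access token, 30-day refresh token), as an added example that is not part of the original issue and is not Pocket ID's code: it decides when a client can refresh silently and when the user must log in again. The names `next_action`, `apply_refresh` and `simulate`, the 30-second leeway, and the modelling of refresh-token rotation as a `rotate` switch are assumptions.

```python
from dataclasses import dataclass

ACCESS_TTL = 60 * 60             # one hour, as stated in the thread
REFRESH_TTL = 30 * 24 * 60 * 60  # 30 days, as stated in the thread
LEEWAY = 30                      # assumed margin (seconds) for clock skew and latency

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    access_expires_at: float
    refresh_expires_at: float

def next_action(tokens, now):
    """Return 'use_access', 'refresh' or 'reauthenticate' for the stored tokens."""
    if tokens is None or now >= tokens.refresh_expires_at - LEEWAY:
        return "reauthenticate"          # only this case needs user interaction
    if now >= tokens.access_expires_at - LEEWAY:
        return "refresh"                 # silent refresh_token grant
    return "use_access"

def apply_refresh(tokens, response, now):
    """Merge a token endpoint response (RFC 6749 section 5.1) into the stored set."""
    rotated = "refresh_token" in response
    return TokenSet(
        access_token=response["access_token"],
        refresh_token=response.get("refresh_token", tokens.refresh_token),
        access_expires_at=now + response.get("expires_in", ACCESS_TTL),
        # Assumption: a rotated refresh token starts a new 30-day window.
        refresh_expires_at=now + REFRESH_TTL if rotated else tokens.refresh_expires_at,
    )

def simulate(days, step=600, rotate=False):
    """Count (logins, refreshes) for a client active every `step` seconds.
    Token responses are constructed here; no identity provider is contacted."""
    tokens, logins, refreshes = None, 0, 0
    for now in range(0, days * 86400, step):
        action = next_action(tokens, now)
        if action == "reauthenticate":
            logins += 1
            tokens = TokenSet(f"at-{now}", f"rt-{now}", now + ACCESS_TTL, now + REFRESH_TTL)
        elif action == "refresh":
            refreshes += 1
            resp = {"access_token": f"at-{now}", "expires_in": ACCESS_TTL}
            if rotate:
                resp["refresh_token"] = f"rt-{now}"
            tokens = apply_refresh(tokens, resp, now)
    return logins, refreshes
```

A client that discards the refresh token, or never requests one, falls into the `reauthenticate` branch every hour, which matches the symptom described in the issue.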