Skip to content

Commit

Permalink
Reduce expiry for refresh based token
Browse files Browse the repository at this point in the history
  • Loading branch information
@iamareebjamal
iamareebjamal committed Aug 2, 2019
1 parent 8bfaa54 commit f8fa9f8
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions app/api/auth.py
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import base64
import base64
import logging
import random
import string
from datetime import timedelta
from functools import wraps

import requests
Expand Down Expand Up @@ -63,12 +63,14 @@ def authenticate(allow_refresh_token=False, existing_identity=None):
if not identity or (existing_identity and identity != existing_identity): # For fresh login, credentials should match existing user
return jsonify(error='Invalid Credentials'), 401

access_token = create_access_token(identity.id, fresh=True)
response_data = {'access_token': access_token}

remember_me = data.get('remember-me')
include_in_response = data.get('include-in-response')
add_refresh_token = allow_refresh_token and remember_me

expiry_time = timedelta(minutes=90) if add_refresh_token else None
access_token = create_access_token(identity.id, fresh=True, expires_delta=expiry_time)
response_data = {'access_token': access_token}

if add_refresh_token:
refresh_token = create_refresh_token(identity.id)
if include_in_response:
Expand Down

0 comments on commit f8fa9f8

Please sign in to comment.