adamniedzielski/tiddle

Timeout and expiration for token

Closed this issue · 1 comments

Hello,

Thanks for sharing this authentication token tool. I have a question regarding the expiration timeout for the authentication tokens in the database. Is there a place to set up the timeout value? How does it cooperate with Devise remember?

Hi! Currently there is no built-in way to set up an expiration timeout. It can be easily implemented inside your application - create a Rake task which deletes tokens based on the last_used_at or created_at fields and invoke it from a cron job.

We have the Tiddle.purge_old_tokens method, which has a slightly different purpose. It keeps the number of tokens under 20 for each user in order not to litter the database with unused tokens. Take a look here:

def purge_old_tokens(resource)
and here: http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/ -> Deleting old tokens. The code for token expiration should be quite similar.

Tiddle does not work with Devise rememberable. Tiddle is intended to be used in cookie-less applications, and the token should be sent with each request.

I hope that my answer helps you :) If you have further questions - ask!
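The expiration policy suggested in the reply above, as an added example that is not code from Tiddle or from this thread: it decides which tokens a cron-driven Rake task would delete, using an idle timeout on last_used_at plus an absolute lifetime on created_at. The `Token` struct, the `AuthenticationToken` model name, both timeout values and the sample rows are assumptions constructed for illustration.

```ruby
# Added example: expiry policy for Tiddle-style token rows.
# Token is a constructed stand-in for the application's token model;
# only last_used_at and created_at come from the thread above.
Token = Struct.new(:id, :created_at, :last_used_at)

IDLE_TIMEOUT = 14 * 24 * 3600   # assumed: seconds without use before expiry
MAX_LIFETIME = 90 * 24 * 3600   # assumed: absolute lifetime in seconds

# A token is expired when it has been idle too long or is simply too old.
# A token that was never used has last_used_at == nil, so idleness is
# measured from created_at; otherwise unused tokens would never expire.
def token_expired?(token, now:, idle_timeout: IDLE_TIMEOUT, max_lifetime: MAX_LIFETIME)
  last_activity = token.last_used_at || token.created_at
  (now - last_activity) > idle_timeout || (now - token.created_at) > max_lifetime
end

# Splits tokens into [kept, purged]; a Rake task would delete the purged rows.
def purge_expired_tokens(tokens, now: Time.now.utc, **limits)
  purged, kept = tokens.partition { |t| token_expired?(t, now: now, **limits) }
  [kept, purged]
end

# With ActiveRecord the same policy is two deletes run from the Rake task
# (AuthenticationToken is an assumed model name):
#   AuthenticationToken.where("COALESCE(last_used_at, created_at) < ?", now - IDLE_TIMEOUT).delete_all
#   AuthenticationToken.where("created_at < ?", now - MAX_LIFETIME).delete_all

NOW = Time.utc(2024, 1, 31, 12, 0, 0)  # constructed clock for the sample data
DAY = 24 * 3600
SAMPLE_TOKENS = [
  Token.new(1, NOW - 2 * DAY,   NOW - 3600),      # recently used: keep
  Token.new(2, NOW - 30 * DAY,  NOW - 20 * DAY),  # idle 20 days: purge
  Token.new(3, NOW - 20 * DAY,  nil),             # never used, 20 days old: purge
  Token.new(4, NOW - 100 * DAY, NOW - 60),        # active but past max lifetime: purge
  Token.new(5, NOW - 5 * DAY,   nil)              # never used, 5 days old: keep
].freeze

if __FILE__ == $PROGRAM_NAME
  kept, purged = purge_expired_tokens(SAMPLE_TOKENS, now: NOW)
  puts "kept:   #{kept.map(&:id).inspect}"
  puts "purged: #{purged.map(&:id).inspect}"
end
```

The absolute lifetime bounds how long a leaked token stays valid even if it is being used regularly, which an idle timeout alone does not.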