User-based `token_lifespan` instead
gustiando opened this issue · 0 comments
gustiando commented
Hello, one important step before filing an issue is to share reproducible steps. This is exactly what we're having trouble with; the bug below only happens in production.

The issue appears once we shorten the `token_lifespan` from 2 weeks to 30 minutes (or 1800). It gives users HTTP 500s and they fail to reset their passwords.

One idea is to set the lifespan for a specific user, so we can isolate the bug and/or the fix before rolling it out to everybody else. If nobody has other ideas, how can we set a different `token_lifespan` for a user with Devise?
Example of what we see in the prod logs:
```
NoMethodError: undefined method `[]' for nil:NilClass
args[:expiry] = tokens[args[:client_id]]['expiry']
                                        ^^^^^^^^^^
```
Our configuration:
```ruby
DeviseTokenAuth.setup do |config|
  config.change_headers_on_each_request = true
  config.token_lifespan = ENV.fetch('TOKEN_LIFESPAN', 1800).to_i
  config.token_cost = Rails.env.test? ? 4 : 10
  config.batch_request_buffer_throttle = 10.seconds
  config.default_callbacks = false
  config.bypass_sign_in = false
end
```
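
An added example, not code from the issue author or from devise_token_auth: a constructed Ruby model of a per-client token store that reproduces the `NoMethodError` shape from the log above, shows a guarded lookup that returns `nil` instead, and picks a lifespan per user. The override table, the uid values, the client id and the pruning step are assumptions for illustration; the page does not establish why the entry is missing in production.

```ruby
# Added example: constructed model of a per-client token store, not devise_token_auth code.
DEFAULT_LIFESPAN = 1800 # seconds, as in the configuration above
# Hypothetical per-user overrides (uid => seconds); 1_209_600 s = 2 weeks.
LIFESPAN_OVERRIDES = { 'canary@example.com' => 1_209_600 }.freeze

# Lifespan to apply when issuing a token for this uid.
def lifespan_for(uid)
  LIFESPAN_OVERRIDES.fetch(uid, DEFAULT_LIFESPAN)
end

# Store a token entry for client_id, expiring lifespan_for(uid) seconds after now.
def issue_token(tokens, uid, client_id, now)
  tokens[client_id] = { 'expiry' => now + lifespan_for(uid) }
end

# Drop entries whose expiry has passed (assumed behaviour for this model).
def prune_expired(tokens, now)
  tokens.delete_if { |_client_id, entry| entry['expiry'] <= now }
end

# Same lookup shape as the logged line: raises NoMethodError if the entry is missing.
def expiry_unguarded(tokens, client_id)
  tokens[client_id]['expiry']
end

# Guarded lookup: nil for a missing entry, so the caller can reject the request
# (for example with a 401) instead of surfacing a 500.
def expiry_guarded(tokens, client_id)
  tokens.dig(client_id, 'expiry')
end

# Constructed scenario: token issued at t=0, reset link followed 45 minutes later.
def reset_flow(uid)
  tokens = {}
  issue_token(tokens, uid, 'client-abc', 0)
  prune_expired(tokens, 45 * 60)
  expiry_guarded(tokens, 'client-abc')
end
```
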