Skip to content

Make Override Session Expiry optionally configurable

Mirko Vucicevich requested to merge configurable-override-session-time into main
  • /oidc_auth/backends.py
  • /README.md

Keep current functionality, but allow integer values to be set for override_default_expiry for edge cases.

I've added warnings for best practices in the README.

Reasoning:

  • It is currently difficult to test app behavior when sessions time out (eg. by setting a shorter-than-token expiry time)
  • Bad practice to hard-code upper limits with no way to configure them

Ryan: please review (I'm not sure what the difference is between "assignee" and "reviewer" here

also testing to see if I can ping via comments @rgoggin

Edited by Mirko Vucicevich

Merge request reports