Configuration documentation inconsistencies #3491

Open
3 of 6 tasks
RazerM opened this issue Apr 14, 2023 · 2 comments
Labels
bug Something is not working.

Comments


RazerM commented Apr 14, 2023

Preflight checklist

Describe the bug

https://www.ory.sh/docs/hydra/reference/configuration

The comment on ttl.refresh_token says it can be set to -1 to never expire but https://www.ory.sh/docs/hydra/guides/client-token-expiration#refresh-token says the maximum age is 6 months. Also in which version was the 6 months maximum introduced, as I don't find it in the change log.

The comment for secrets.system still says "If none is provided, one will be generated." which is no longer true.

Reproducing the bug

N/A

Relevant log output

No response

Relevant configuration

No response

Version

1.10.7

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

@RazerM RazerM added the bug Something is not working. label Apr 14, 2023
Author

RazerM commented Apr 17, 2023

This test seems to indicate -1 is still infinite

```go
func TestInfinitRefreshTokenTTL(t *testing.T) {
	ctx := context.Background()
	l := logrusx.New("", "")
	l.Logrus().SetOutput(io.Discard)
	c := MustNew(context.Background(), l, configx.WithValue("ttl.refresh_token", -1))
	assert.Equal(t, -1*time.Nanosecond, c.GetRefreshTokenLifespan(ctx))
}
```

Member

aeneasr commented May 25, 2023

> The comment on ttl.refresh_token says it can be set to -1 to never expire but https://www.ory.sh/docs/hydra/guides/client-token-expiration#refresh-token says the maximum age is 6 months. Also in which version was the 6 months maximum introduced, as I don't find it in the change log.

This limit applies to Ory Network - here we do not allow -1 refresh tokens because it would fill up our database. In self-hosting, setting it to -1 is still possible, but it does mean that you won't be able to scale the system beyond 10M users.
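
A pre-deployment check for the two settings this issue discusses, as an added example (not Ory Hydra code and not part of the thread): it flags a `ttl.refresh_token` that disables expiry and an unset `secrets.system`. The helper names and the sample configuration are constructed, the configuration is assumed to be already decoded from YAML into Go maps, and treating every negative lifespan like -1 is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// get returns cfg[section][key] from a config already decoded from YAML.
func get(cfg map[string]any, section, key string) any {
	m, _ := cfg[section].(map[string]any)
	return m[key] // reading from a nil map is safe and yields nil
}

// auditConfig returns one finding per risky setting discussed in the issue.
func auditConfig(cfg map[string]any) []string {
	var findings []string
	var d time.Duration
	var err error
	switch v := get(cfg, "ttl", "refresh_token").(type) {
	case nil: // unset: the default lifespan applies
	case int:
		d = time.Duration(v) // -1 becomes -1ns, as in the quoted test
	case string:
		d, err = time.ParseDuration(v) // e.g. "720h"
	default:
		err = fmt.Errorf("unsupported type %T", v)
	}
	if err != nil {
		findings = append(findings, "ttl.refresh_token: "+err.Error())
	} else if d < 0 { // assumption: any negative lifespan behaves like -1
		findings = append(findings, "ttl.refresh_token: refresh tokens never expire")
	}
	list, _ := get(cfg, "secrets", "system").([]any) // YAML lists decode to []any
	if len(list) == 0 || list[0] == nil || list[0] == "" {
		findings = append(findings, "secrets.system: not set")
	}
	return findings
}

func main() {
	// Constructed sample configuration with both problems present.
	cfg := map[string]any{"ttl": map[string]any{"refresh_token": -1}}
	for _, f := range auditConfig(cfg) {
		fmt.Println(f)
	}
}
```
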
