mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 12:32:08 +02:00
Code Issues Projects Releases Wiki Activity

MDL-64079 oauth2: Set an arbitrary expiration date for eternal tokens

Browse Source 
The oauth2 standard does not require access tokens to have an
expiration date. This assumes a default validity period of 7 days unless
an explicit expiration date is communicated by the server.
This commit is contained in:
Jan Dageförde 2018-11-19 11:30:27 +01:00
parent 0225ad42ea
commit 121fa4381e
No known key found for this signature in database
GPG Key ID: 2239CFA64B5E4FCC
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/classes/oauth2/client.php
View File

@ -175,7 +175,13 @@ class client extends \oauth2_client {
}
// Update values from $token. Don't use from_record because that would skip validation.
$persistedtoken->set('token', $token->token);
$persistedtoken->set('expires', $token->expires);
if (isset($token->expires)) {
$persistedtoken->set('expires', $token->expires);
} else {
// Assume an arbitrary time span of 1 week for access tokens without expiration.
// The "refresh_system_tokens_task" is run hourly (by default), so the token probably won't last that long.
$persistedtoken->set('expires', time() + WEEKSECS);
}
$persistedtoken->set('scope', $token->scope);
$persistedtoken->save();
} else {