Hi,
I’ve created authorization for my external API identical to the one in the Pow docs: https://hexdocs.pm/pow/api.html.
My question is, how to set token validity time for this api authorization?
I set:
credentials_cache_store:
{Pow.Store.CredentialsCache, ttl: :timer.minutes(28800), namespace: "credentials"},
session_ttl_renewal: :timer.minutes(30),
cache_store_backend: Pow.Store.Backend.EtsCache
in the main config and it’s working for the CMS part of the project but not for the external api part.
Can anybody help me? Thanks in advance.
You’ll have to set it in the store config options, as you are calling the Pow.Store.CredentialsCache directly. :credentials_cache_store is only used in the Pow.Plug.Session plug.
So do this instead:
store_config
|> Keyword.put(:ttl, :timer.minutes(28800))
|> CredentialsCache.put(access_token, {user, [renewal_token: renewal_token]})
Or if you want to use the same setting as in your config:
{_store, opts} = Config.get(config, :credentials_cache_store, nil) || raise "No `:credentials_cache_store` config option set"
store_config
|> Keyword.merge(opts)
|> CredentialsCache.put(access_token, {user, [renewal_token: renewal_token]})
I strongly encourage you to keep the TTL much shorter than what you got. OWASP recommends the following:
Common idle timeouts ranges are 2-5 minutes for high-value applications and 15-30 minutes for low risk applications.
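As an added example that is not part of the original replies or Pow's own code: one way to build the options passed to `CredentialsCache.put/3` so that the configured `:ttl` is merged in but capped, and a missing `:credentials_cache_store` option falls back to a default instead of raising. The module name `ApiTokenStoreOpts`, the 30-minute cap and the 15-minute default are assumptions, and the function reads only the keyword list it is given.

```elixir
defmodule ApiTokenStoreOpts do
  @moduledoc """
  Added example (hypothetical module, not part of Pow): merges the opts from
  `:credentials_cache_store` into the store config and bounds `:ttl`.
  """

  # Assumed cap: upper end of the OWASP idle-timeout range quoted in the thread.
  @max_ttl :timer.minutes(30)
  # Assumed fallback when no `:ttl` is configured anywhere.
  @default_ttl :timer.minutes(15)

  @doc "Returns `store_config` with the configured opts merged in and `:ttl` clamped."
  def build(store_config, pow_config, max_ttl \\ @max_ttl) do
    opts =
      case Keyword.get(pow_config, :credentials_cache_store) do
        {_store, opts} when is_list(opts) -> opts
        # Option missing (nil) or given as a bare module: nothing to merge.
        _other -> []
      end

    merged = Keyword.merge(store_config, opts)
    ttl = Keyword.get(merged, :ttl, @default_ttl)

    # Reject values that would make the token never expire or expire instantly.
    if not (is_integer(ttl) and ttl > 0) do
      raise ArgumentError, "invalid :ttl #{inspect(ttl)}"
    end

    Keyword.put(merged, :ttl, min(ttl, max_ttl))
  end
end

# Constructed sample values mirroring the settings posted in the thread.
pow_config = [
  credentials_cache_store:
    {Pow.Store.CredentialsCache, ttl: :timer.minutes(28800), namespace: "credentials"}
]

store_config = [backend: Pow.Store.Backend.EtsCache]

# Configured 28800-minute TTL is merged, then capped to the assumed maximum.
IO.inspect(ApiTokenStoreOpts.build(store_config, pow_config), label: "capped")
# No store option present: the assumed default TTL is used instead of raising.
IO.inspect(ApiTokenStoreOpts.build(store_config, []), label: "no store option set")
```

In the API plug, the returned keyword list would take the place of `store_config` in the `CredentialsCache.put(access_token, ...)` pipeline shown above.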
That works, thank you very much. I’ll re-think the TTL.
I am still stuck on the renewal TTL time.
{_store, opts} = Config.get(config, :credentials_cache_store, nil) || raise "No `:credentials_cache_store` config option set"
is not working; it always returns a nil value.