Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. (#11425)

2025-06-19 07:04:06 -04:00 · 2021-11-26 14:27:14 +00:00 · 2021-11-26 14:27:14 +00:00 · 1d8b80b334
commit 1d8b80b334
parent e2c300e7e4
8 changed files with 338 additions and 54 deletions
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@ -113,14 +113,11 @@ class RegistrationConfig(Config):
        self.session_lifetime = session_lifetime

        # The `refreshable_access_token_lifetime` applies for tokens that can be renewed
-        # using a refresh token, as per MSC2918. If it is `None`, the refresh
-        # token mechanism is disabled.
-        #
-        # Since it is incompatible with the `session_lifetime` mechanism, it is set to
-        # `None` by default if a `session_lifetime` is set.
+        # using a refresh token, as per MSC2918.
+        # If it is `None`, the refresh token mechanism is disabled.
        refreshable_access_token_lifetime = config.get(
            "refreshable_access_token_lifetime",
-            "5m" if session_lifetime is None else None,
+            "5m",
        )
        if refreshable_access_token_lifetime is not None:
            refreshable_access_token_lifetime = self.parse_duration(
@ -128,17 +125,10 @@ class RegistrationConfig(Config):
            )
        self.refreshable_access_token_lifetime = refreshable_access_token_lifetime

-        if (
-            session_lifetime is not None
-            and refreshable_access_token_lifetime is not None
-        ):
-            raise ConfigError(
-                "The refresh token mechanism is incompatible with the "
-                "`session_lifetime` option. Consider disabling the "
-                "`session_lifetime` option or disabling the refresh token "
-                "mechanism by removing the `refreshable_access_token_lifetime` "
-                "option."
-            )
+        refresh_token_lifetime = config.get("refresh_token_lifetime")
+        if refresh_token_lifetime is not None:
+            refresh_token_lifetime = self.parse_duration(refresh_token_lifetime)
+        self.refresh_token_lifetime = refresh_token_lifetime

        # The fallback template used for authenticating using a registration token
        self.registration_token_template = self.read_template("registration_token.html")