Implement access token expiry (#5660)

Record how long an access token is valid for, and raise a soft-logout once it expires.
2025-08-07 11:52:11 -04:00 · 2019-07-12 17:26:02 +01:00 · 2019-07-12 17:26:02 +01:00 · 5f158ec039
commit 5f158ec039
parent 24aa0e0a5b
14 changed files with 255 additions and 33 deletions
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@ -84,6 +84,11 @@ class RegistrationConfig(Config):
            "disable_msisdn_registration", False
        )

+        session_lifetime = config.get("session_lifetime")
+        if session_lifetime is not None:
+            session_lifetime = self.parse_duration(session_lifetime)
+        self.session_lifetime = session_lifetime
+
    def generate_config_section(self, generate_secrets=False, **kwargs):
        if generate_secrets:
            registration_shared_secret = 'registration_shared_secret: "%s"' % (
@ -141,6 +146,17 @@ class RegistrationConfig(Config):
        #  renew_at: 1w
        #  renew_email_subject: "Renew your %%(app)s account"

+        # Time that a user's session remains valid for, after they log in.
+        #
+        # Note that this is not currently compatible with guest logins.
+        #
+        # Note also that this is calculated at login time: changes are not applied
+        # retrospectively to users who have already logged in.
+        #
+        # By default, this is infinite.
+        #
+        #session_lifetime: 24h
+
        # The user must provide all of the below types of 3PID when registering.
        #
        #registrations_require_3pid: