Improve JWT tokens expiration

- Reduce access tokens TTL to 15 minutes - Set refresh tokens TTL to 60 days - Set Guardian.DB to only track refresh tokens - Remove refresh token when logging out Closes #710 #705 #706 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-05-25 11:00:46 +02:00
parent 5a13c2191c
commit a7da5ab269
6 changed files with 50 additions and 3 deletions
--- a/lib/graphql/schema/user.ex
+++ b/lib/graphql/schema/user.ex
@@ -310,6 +310,12 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
      resolve(&User.refresh_token/3)
    end

+    @desc "Logout an user, deleting a refresh token"
+    field :logout, :string do
+      arg(:refresh_token, non_null(:string))
+      resolve(&User.logout/3)
+    end
+
    @desc "Change default actor for user"
    field :change_default_actor, :user do
      arg(:preferred_username, non_null(:string), description: "The actor preferred_username")