Add option to disable refresh token invalidation (#6584) (#6587)

* Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> (cherry picked from commit 783cd64927) Signed-off-by: Jonas Franz <info@jonasfranz.software>
2025-07-22 18:28:37 +00:00 · 2019-04-12 12:42:44 +02:00
parent 5be1b7df3f
commit 72f4cdf868
6 changed files with 57 additions and 11 deletions
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -350,6 +350,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `ENABLED`: **true**: Enables OAuth2 provider.
 - `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
 - `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
+- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
 - `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.

 ## i18n (`i18n`)