Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: add time-to-live option for /signin/generate-token #731

Closed
hingobway opened this issue Sep 15, 2024 · 7 comments
Closed

Request: add time-to-live option for /signin/generate-token #731

hingobway opened this issue Sep 15, 2024 · 7 comments

Comments

@hingobway
Copy link

Hi,

I was implementing an alternative email provider for magic link sign-ins and got it working using the /signin/generate-token endpoint.

However, as far as I can tell this endpoint has no configurable time-to-live, and only outputs tokens with a TTL of 2 minutes, which is far too short for email links. It would be great to make that option configurable!
@abergs
Copy link
Member

abergs commented Sep 17, 2024

Hey @hingobway, we're taking a look at this.

@jonashendrickx
Copy link
Member

@abergs & @hingobway The schema does mention timeToLive in the request body:

https://v4.passwordless.dev/swagger/index.html

It is marked as obsolete, but this is probably wrong, and I can see it being used in the back-end to return the authentication token. Likely was marked as obsolete as we wanted to prevent using it elsewhere in our own codebase.

jonashendrickx added a commit that referenced this issue Sep 17, 2024
@jonashendrickx
#731 | TimeToLive is not an obsolete property
c0e6535
jonashendrickx added a commit that referenced this issue Sep 17, 2024
@jonashendrickx
Merge branch 'main' into feature/gh-731
ff24d6f
@hingobway
Copy link
Author

@jonashendrickx that's interesting, thanks. I actually didn't realize that that "Schema" switch in the docs was a button at all.

Are you able to get that timeToLive parameter to work? I just tried including one, and it didn't seem to have any effect.

@jonashendrickx
Copy link
Member

@hingobway Does the following request work for you? You might have to change the ApiSecret to whatever your keys are:

POST https://v4.passwordless.dev/signin/generate-token
Content-Type: application/json
ApiSecret: your-api-secret-here

{
  "userId": 1,
  "timeToLive": 30
}

I just double checked locally everything was properly working. The timeToLive parameter takes an integer in seconds. And will default to a value of 120 seconds if the field is not present.

If it is still not working, we can always verify in a call.

jonashendrickx added a commit that referenced this issue Sep 18, 2024
@jonashendrickx
#731 | TimeToLive is not an obsolete property (#738)
724c4bd
@hingobway
Copy link
Author

Ok, it worked perfectly this time, not sure what I did last time. Sorry for the confusion, and thanks for your help!

@jonashendrickx
Copy link
Member

@hingobway You're welcome!

In the next release, the property will show up properly in the Open API documentation.

If you encounter any other issues, don't hesitate to reach out again!

@Tyrrrz
Copy link
Contributor

Tyrrrz commented Sep 19, 2024

Docs fix: bitwarden/passwordless-docs#147

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@abergs @jonashendrickx @Tyrrrz @hingobway