Add AccountsJS configurations as env vars #6841

Open
wants to merge 2 commits into base: password-reset-url

Collaborator

@tedraykov tedraykov commented May 19, 2023

Impact: minor
Type: feature

Issue

Developers can't customize the JWT access and refresh tokens' expiration date. Also, there is no way to configure whether the reset password mutation returns new auth tokens or not.

Solution

This PR adds environment variables that allow configuring the aforementioned accounts js server properties, i.e. the jwt access and refresh token expiration time and the password reset mutation return type.

Breaking changes

None. The default values of the env vars are identical to the accounts js library default values.

Testing

Testing the password reset returned tokens:

  1. Set the ACCOUNTS_JS_RETURN_TOKENS_AFTER_RESET_PASSWORD env var to true.
  2. Run the password reset workflow and run the resetPassword mutation with the tokens in the return body like so:
mutation resetPassword($token: String!, $newPassword: String!) {
  resetPassword(token: $token, newPassword: $newPassword) {
    tokens {
      accessToken
      refreshToken
    }
  }
}

If the env var is set to true, you should see the newly generated access and refresh tokens in the response
If the env var is set to false, you should see null in the response

Testing the jwt token expiration time:

  1. Set the ACCOUNTS_JS_ACCESS_TOKEN_EXPIRES_IN to 7d for example
  2. Authenticate with the authenticate mutation or with the Kinetic Admin
  3. Observe the generated jwt token expiration date after you have decoded it:
[Screenshots: 2023-05-19 at 11 51 16, 2023-05-19 at 11 51 26]
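
The expiration check in step 3 can be scripted. This is an added example, not code from this PR or from the accounts js library: it decodes a token's payload without verifying the signature and compares `exp - iat` with the configured span. It assumes the token carries numeric `iat` and `exp` claims and that the span uses a single s/m/h/d unit; the function names and the sample token are constructed for illustration.

```javascript
// Added example: inspect a JWT's lifetime. Decoding only; the signature is NOT
// verified, so this is for inspection and must never be used for authorization.
const UNIT_SECONDS = { s: 1, m: 60, h: 3600, d: 86400 };

// Parse the "<number><unit>" spans used on this page ("90m", "7d", "30d").
// Assumption: only s/m/h/d units; anything else is rejected rather than guessed.
function spanToSeconds(span) {
  const match = /^(\d+)([smhd])$/.exec(String(span).trim());
  if (!match) throw new Error(`unsupported time span: ${span}`);
  return Number(match[1]) * UNIT_SECONDS[match[2]];
}

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Compare the token's exp - iat with the span set in the env var.
function checkTokenLifetime(token, expectedSpan) {
  const { iat, exp } = decodeJwtPayload(token);
  if (!Number.isInteger(iat) || !Number.isInteger(exp)) {
    throw new Error("token has no numeric iat/exp claims");
  }
  const lifetimeSeconds = exp - iat;
  return {
    lifetimeSeconds,
    expiresAt: new Date(exp * 1000).toISOString(),
    matches: lifetimeSeconds === spanToSeconds(expectedSpan),
  };
}

// Constructed sample token with a fake signature (not issued by any server).
function makeSampleToken(iat, span) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const payload = { data: { userId: "constructed-user" }, iat, exp: iat + spanToSeconds(span) };
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Issued 2023-05-19T12:00:00Z with ACCOUNTS_JS_ACCESS_TOKEN_EXPIRES_IN=7d.
const sample = makeSampleToken(1684497600, "7d");
console.log(checkTokenLifetime(sample, "7d"));
console.log(checkTokenLifetime(sample, "90m").matches);
```
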


changeset-bot bot commented May 19, 2023

🦋 Changeset detected

Latest commit: 82f2d5f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@reactioncommerce/api-plugin-authentication Minor
reaction Patch


Signed-off-by: tedraykov <[email protected]>
@tedraykov tedraykov requested a review from vanpho93 May 19, 2023 13:21
@brent-hoover brent-hoover requested a review from sujithvn May 29, 2023 00:25

export default envalid.cleanEnv(
process.env,
{
ACCOUNTS_JS_RETURN_TOKENS_AFTER_RESET_PASSWORD: bool({ default: false }),
ACCOUNTS_JS_ACCESS_TOKEN_EXPIRES_IN: str({ default: "90m" }),
ACCOUNTS_JS_REFRESH_TOKEN_EXPIRES_IN: str({ default: "30d" }),
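
Review bot: The two *_EXPIRES_IN entries are declared with str(), so cleanEnv accepts any string and a mistyped duration is not rejected at startup. Consider a custom validator (envalid's makeValidator) that only accepts the expected time-span form, and add a desc to each entry stating the accepted format. The PR description also says the defaults are identical to the accounts js library defaults, so the "30d" refresh-token default should be confirmed against the library before merging, since a longer refresh lifetime extends how long a leaked refresh token stays usable.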
Contributor

We are providing 30d as default for refresh-token, but the default in accountsjs is 7d link

Contributor

@sujithvn sujithvn left a comment


All good, just my comment on the default for refresh-token expiry
