Skip to content

feat: allow configurable expiration for refreshToken #220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: allow configurable expiration for refreshToken #220

wants to merge 2 commits into from

Conversation

@demeyerthom
Copy link
Member

@demeyerthom demeyerthom commented Nov 19, 2025

This pull request introduces a major change to the refresh token handling in the @labdigital/federated-token package. The main improvement is the addition of support for a configurable expiresIn option when setting refresh tokens, allowing for custom expiration times or session-based expiration. This change is thoroughly tested with new and updated unit tests.

Refresh Token Expiration Improvements:

  • Added support for passing a refreshToken.expiresIn option to the setRefreshToken method, enabling custom expiration times or session-based expiration for refresh tokens (cookies-base.ts).
  • Updated and expanded unit tests in cookies-base.test.ts to verify behavior with default, custom, and session expiration settings for refresh tokens. [1] [2]

Documentation and Release Notes:

  • Added a changeset documenting this as a major change for the @labdigital/federated-token package.

@changeset-bot
Copy link

changeset-bot bot commented Nov 19, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 86dce9b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages
Name Type
@labdigital/federated-token Minor
@labdigital/federated-token-apollo Minor
@labdigital/federated-token-express-adapter Minor
@labdigital/federated-token-fastify-adapter Minor
@labdigital/federated-token-yoga Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copilot finished reviewing on behalf of demeyerthom November 19, 2025 09:14
Copilot AI reviewed Nov 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds support for configurable expiration times for refresh tokens in the @labdigital/federated-token package. Previously, refresh tokens had a hardcoded one-year expiration. The changes allow consumers to specify custom expiration durations in seconds or use session-based expiration where tokens expire when the browser closes.

  • Added refreshToken.expiresIn option support in BaseCookieSourceOptions
  • Updated setRefreshToken method to use configurable expiration instead of hardcoded value
  • Added comprehensive test coverage for default, custom, and session expiration scenarios

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
packages/core/src/tokensource/cookies-base.ts Refactored setRefreshToken to support configurable expiration via refreshToken.expiresIn option, with backward-compatible default of one year
packages/core/src/tokensource/cookies-base.test.ts Expanded test suite with three test cases covering default (1 year), custom (60s), and session-based expiration scenarios
.changeset/sad-worms-dream.md Added changeset documenting this feature as a minor version bump

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pvaneveld pvaneveld Awaiting requested review from pvaneveld

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@demeyerthom