Add option to disable refresh token invalidation (#6584) (#6587)

* Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> (cherry picked from commit 783cd64927) Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 12:42:44 +02:00 · 2019-04-12 12:42:44 +02:00 · 72f4cdf868
commit 72f4cdf868
parent 5be1b7df3f
6 changed files with 57 additions and 11 deletions
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@ -172,7 +172,6 @@ type AccessTokenForm struct {
 	ClientID     string
 	ClientSecret string
 	RedirectURI  string
-	// TODO Specify authentication code length to prevent against birthday attacks
 	Code         string
 	RefreshToken string