Merge pull request '[FEAT] Enable INVALIDATE_REFRESH_TOKENS' (#4633) from gusted/sec-oauth into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4633 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-22 09:54:24 +01:00 · 2024-07-23 20:45:22 +00:00 · 2024-07-23 20:45:22 +00:00 · 14d079a1eb
parent 5a922ca983 89b1723d35
commit 14d079a1eb
1 changed files with 1 additions and 1 deletions
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@ -104,7 +104,7 @@ var OAuth2 = struct {
 	Enabled:                    true,
 	AccessTokenExpirationTime:  3600,
 	RefreshTokenExpirationTime: 730,
-	InvalidateRefreshTokens:    false,
+	InvalidateRefreshTokens:    true,
 	JWTSigningAlgorithm:        "RS256",
 	JWTSigningPrivateKeyFile:   "jwt/private.pem",
 	MaxTokenLength:             math.MaxInt16,