Merge pull request #320 from City-of-Helsinki/develop

Allows API-tokens to be up to one hour old (OIDC_LEEWAY)
City-of-Helsinki · Aug 31, 2021 · 6524c5a · 6524c5a
2 parents d262f69 + f4f1965
commit 6524c5a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/helerm/settings.py b/helerm/settings.py
@@ -334,6 +334,11 @@ def get_git_revision_hash() -> str:
     'ISSUER': env('OIDC_API_TOKEN_AUTH_ISSUER'),
 }
 
+# by default drf-oidc-auth allows tokens to be at most 10 minutes old
+# extend that to one hour. Likely the behaviour of the underlying
+# drf-oidc-auth library will change at some point:
+# https://github.com/ByteInternet/drf-oidc-auth/issues/49
+OIDC_AUTH = {"OIDC_LEEWAY": 60 * 60}
 
 # Elasticsearch configuration
 ELASTICSEARCH_DSL = {