Add OAUTH_DELETE_EXPIRED to LMS Envs (#4075)

* Add OAUTH_DELETE_EXPIRED to LMS Envs * Adding comments and CHANGELOG entry

Add OAUTH_DELETE_EXPIRED to LMS Envs (#4075)
* Add OAUTH_DELETE_EXPIRED to LMS Envs * Adding comments and CHANGELOG entry
001c6291 · Brian Mesick · GitHub · 597eb6dd · 001c6291 · 001c6291
Commit 001c6291 authored Sep 05, 2017 by Brian Mesick Committed by GitHub Sep 05, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

CHANGELOG.md
+3 -0

playbooks/roles/edxapp/defaults/main.yml
+3 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+- Role: edxapp
+  - Added OAUTH_DELETE_EXPIRED to enable automatic deletion of edx-django-oauth2-provider grants, access tokens, and refresh tokens as they are consumed. This will not do a bulk delete of existing rows.
 - Role: mongo_3_2
  - Added role for mongo 3.2, not yet in use.
  - Removed MONGO_CLUSTERED variable. In this role mongo replication is always configured, even if there is only one node.

--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -541,6 +541,8 @@ EDXAPP_DEFAULT_CACHE_VERSION: "1"
 EDXAPP_OAUTH_ENFORCE_SECURE: True
 EDXAPP_OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS: 365
 EDXAPP_OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS: 30
+# This turns on deletion of access tokens, refresh tokens, and grants when consumed (not bulk deletions)
+EDXAPP_OAUTH_DELETE_EXPIRED: True
 # Directory for edxapp application configuration files
 EDXAPP_CFG_DIR: "{{ COMMON_CFG_DIR }}/edxapp"
@@ -1162,6 +1164,7 @@ lms_env_config:
  OAUTH_ENFORCE_SECURE: "{{ EDXAPP_OAUTH_ENFORCE_SECURE }}"
  OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS: "{{ EDXAPP_OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS }}"
  OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS: "{{ EDXAPP_OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS }}"
+  OAUTH_DELETE_EXPIRED: "{{ EDXAPP_OAUTH_DELETE_EXPIRED }}"
  PAID_COURSE_REGISTRATION_CURRENCY: "{{ EDXAPP_PAID_COURSE_REGISTRATION_CURRENCY }}"
  GIT_REPO_DIR: "{{ EDXAPP_GIT_REPO_DIR }}"
  SITE_NAME:  "{{ EDXAPP_LMS_SITE_NAME }}"