feat(hydra): configurable ttl_refresh_token

adding new variable to configure ttl_refresh_token

ref mse project : CNOUS/mse#2591

defaults/main.yml

@@ -162,6 +162,9 @@ hydra_saml_debug: no
 # Niveau de verbosité du service shibboleth-sp
 hydra_saml_sp_log_level: WARN
 
+# Durée de vie des "refresh_token"
+hydra_ttl_refresh_token: "24h"
+
 # Inclure les règles de cartographie des attributs SAML fournis  par défaut par le projet hydra-shibboleth-sp-v3
 hydra_saml_include_sp_default_attributes_mapping: "yes"
 

sso.schema.yml

@@ -86,6 +86,9 @@ properties:
   hydra_log_leak_sensitive_values:
     type: boolean
 
+  hydra_ttl_refresh_token:
+    type: string
+
   # This value should not be changed after first deployment !
   hydra_secrets_seed:
     type: string

templates/cadoles-pod-hydra-v1.conf.j2

@@ -18,6 +18,7 @@ PODMAN_ARGS="\
     -e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
     -e 'HYDRA_ALLOW_INSECURE=yes' \
     -e 'HYDRA_LEVEL={{ hydra_log_level }}' \
+    -e 'TTL_REFRESH_TOKEN={{ hydra_ttl_refresh_token }}'\
     {% if hydra_public_cors_allowed_origins | default([]) | length > 0 %}
     -e 'SERVE_PUBLIC_CORS_ENABLED=true' \
     -e 'SERVE_PUBLIC_CORS_ALLOWED_ORIGINS={{ hydra_public_cors_allowed_origins | join(',') }}' \