🐛 Problem
When generating a preview URL, we create a previewJwtToken using a dedicated PreviewUserProvider.
However, this token currently inherits the default TTL (1 hour) configured in lexik/jwt-authentication-bundle.
For preview access, this is too long.
We would like the preview token to have a shorter TTL (15 minutes).
🔎 Current Implementation
The expiration (exp) claim is added via a subscriber listening to:
Lexik\Bundle\JWTAuthenticationBundle\Events::JWT_CREATED
Specifically in:
Subscriber/AdditionalAccessTokenClaimsAndHeaderSubscriber.php
This subscriber manually sets the exp claim in the JWT payload.
🎯 Expected Behavior
For tokens generated via PreviewUserProvider, the TTL should be 15 minutes instead of the default 1 hour.
💡 Proposed Solution
Since LexikJWTAuthenticationBundle dispatches the Events::JWT_CREATED event, we can:
1. Create a new event subscriber
2. Ensure it is executed before AdditionalAccessTokenClaimsAndHeaderSubscriber
3. Detect whether the authenticated user comes from PreviewUserProvider
4. Override the exp value in $data['exp'] with a custom TTL (15 minutes)
⚠️ Important detail:
PreviewUserProvider returns a UserInterface implementation, just like the default provider.
This means we cannot rely on the type alone unless a specific class is used.
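A sketch of the subscriber proposed above, added here as an example and not taken from the project's code. The `App\Subscriber` namespace, the `PreviewUserInterface` marker interface, the class name and the priority value are assumptions; the marker interface is one way to meet the "specific class" condition, by having only the user object returned by PreviewUserProvider implement it.

```php
<?php
declare(strict_types=1);

namespace App\Subscriber; // assumed namespace

use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

// Hypothetical marker: implemented only by the user class that
// PreviewUserProvider returns (move to its own file for PSR-4 autoloading).
interface PreviewUserInterface
{
}

final class PreviewTokenTtlSubscriber implements EventSubscriberInterface
{
    private const PREVIEW_TTL_SECONDS = 900; // 15 minutes
    private const PRIORITY = 10; // assumed value; Symfony calls higher priorities first

    public static function getSubscribedEvents(): array
    {
        return [Events::JWT_CREATED => ['onJwtCreated', self::PRIORITY]];
    }

    public function onJwtCreated(JWTCreatedEvent $event): void
    {
        // Tokens for regular users keep the bundle's default TTL.
        if (!$event->getUser() instanceof PreviewUserInterface) {
            return;
        }

        $data = $event->getData();
        $current = isset($data['exp']) ? (int) $data['exp'] : null;
        $data['exp'] = self::shortenedExpiry($current, time());
        $event->setData($data);
    }

    // Only ever shortens: an earlier exp already in the payload is kept.
    public static function shortenedExpiry(?int $currentExp, int $now): int
    {
        $previewExp = $now + self::PREVIEW_TTL_SECONDS;

        return null === $currentExp ? $previewExp : min($currentExp, $previewExp);
    }
}
```

If AdditionalAccessTokenClaimsAndHeaderSubscriber assigns exp unconditionally, a value set before it runs is overwritten, so confirm the result by decoding a generated preview token and comparing exp with iat.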