core: add user settable token durations (#7410)

* core: add support for user settable token duration

* web: add support for user settable token duration

* website: add documentation for user settable token duration

* core : fix locales

* web: fix tokenIntent when updating

* core: fix linting

* website: Update website/docs/user-group-role/user/user_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jean-Michel DILLY <48059109+jmdilly@users.noreply.github.com>

* make token duration system-wide configurable

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* small fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate token configs to tenants

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add release notes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* make website

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* nosec

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations for real this time

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* trying with no model using default_token_key

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix save

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* use signal instead of overriding save

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Jean-Michel DILLY <48059109+jmdilly@users.noreply.github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

authentik/providers/oauth2/id_token.py

@@ -8,6 +8,7 @@ from django.http import HttpRequest
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
+from authentik.core.models import default_token_duration
 from authentik.events.signals import get_login_event
 from authentik.lib.generators import generate_id
 from authentik.providers.oauth2.constants import (
@@ -87,7 +88,9 @@ class IDToken:
     ) -> "IDToken":
         """Create ID Token"""
         id_token = IDToken(provider, token, **kwargs)
-        id_token.exp = int(token.expires.timestamp())
+        id_token.exp = int(
+            (token.expires if token.expires is not None else default_token_duration()).timestamp()
+        )
         id_token.iss = provider.get_issuer(request)
         id_token.aud = provider.client_id
         id_token.claims = {}