3fc852f53c
Introduces JWT_ACCESS_TOKEN_EXPIRE_SECONDS setting. This is the number of seconds a JWT access token remains valid. We use this custom setting for JWT formatted access tokens, rather than the django-oauth-toolkit setting ACCESS_TOKEN_EXPIRE_SECONDS, because the JWT is non-revocable and we want it to be shorter lived than the legacy Bearer (opaque) access tokens, and thus to have a smaller default. BREAKING CHANGE: The thing that is breaking is that JWT access tokens will now have a 1 hour default, instead of a 10 hours default. If third-party scripts are appropriately checking/refreshing the access token, this should be ok. However, you can always override with a longer duration temporarily. From a security perspective, we don't recommend a longer duration, and you may consider a shorter duration. ARCHBOM-2099
Open edX -------- This is the root package for Open edX. The intent is that all importable code from Open edX will eventually live here, including the code in the lms, cms, and common directories. If you're adding a new Django app, place it in core/djangoapps. If you're adding utilities that require Django, place them in core/djangolib. If you're adding code that defines no Django models or views of its own but is widely useful, put it in core/lib. Note: All new code should be created in this package, and the legacy code will be moved here gradually. For now the code is not structured like this, and hence legacy code will continue to live in a number of different packages.