Improvements

Classes/Security/Authentication/Factory/TokenFactory.php

@@ -55,6 +55,12 @@ class TokenFactory
      */
     protected $request;
 
+    /**
+     * @var int
+     * @Flow\InjectConfiguration(path="tokenLifetime")
+     */
+    protected $tokenLifetime;
+
     /**
      * @param $request
      */
@@ -79,10 +85,20 @@ public function getJsonWebToken(): string
             $payload['creationDate'] = $account->getCreationDate()->getTimestamp();
         }
 
-        // TODO Add refresh token + expire date
         if ($account->getExpirationDate() instanceof \DateTime) {
-            $payload['expirationDate'] = $account->getExpirationDate()->getTimestamp();
+            $payload['accountExpirationDate'] = $account->getExpirationDate()->getTimestamp();
+        }
+
+        if ($this->tokenLifetime > 0) {
+            $payload['exp'] = (new \DateTime())->getTimestamp() + $this->tokenLifetime;
+        }
+
+        if (array_key_exists('accountExpirationDate', $payload) && array_key_exists('exp', $payload)) {
+            if ($payload['accountExpirationDate'] < $payload['exp']) {
+                $payload['exp'] = $payload['accountExpirationDate'];
+            }
         }
         return $this->jwtService->createJsonWebToken($payload);
     }
+
 }

Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php

@@ -9,6 +9,7 @@
 use Neos\Flow\Security\Authentication\TokenInterface;
 use Neos\Flow\Security\Exception\UnsupportedAuthenticationTokenException;
 use Neos\Flow\Security\Policy\PolicyService;
+use Neos\Party\Domain\Model\AbstractParty;
 use RFY\JWT\Security\Authentication\Token\JwtToken;
 use RFY\JWT\Security\JwtAccount;
 use RFY\JWT\Service\JwtService;
@@ -89,7 +90,12 @@ public function authenticate(TokenInterface $authenticationToken)
         $account = new JwtAccount();
         $account->setClaims($claims);
         $account->setAuthenticationProviderName('JwtAuthenticationProvider');
-        $account->setParty($this->partyRepository->findByIdentifier($claims->{'identifier'}));
+        $party = $this->partyRepository->findByIdentifier($claims->{'identifier'});
+        if (!$party instanceof AbstractParty) {
+            $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
+            return;
+        }
+        $account->setParty($party);
 
         $rolesClaim = $this->claimMapping['roles'];
         foreach ($rolesClaim as $key => $roleClaim) {

Configuration/Settings.yaml

@@ -30,3 +30,4 @@ RFY:
       - from: header
         name: Authorization
     claimMapping: []
+    tokenLifetime: 86400

composer.json

@@ -5,7 +5,8 @@
   "license": "MIT",
   "require": {
     "neos/flow": "^7.0",
-    "firebase/php-jwt": "^5.2"
+    "firebase/php-jwt": "^5.2",
+    "neos/party": "^7.0"
   },
   "autoload": {
     "psr-4": {