New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tokens should expire at some point #12

Closed
fkooman opened this Issue Nov 16, 2015 · 14 comments

Comments

Projects
None yet
3 participants
@fkooman
Copy link
Owner

fkooman commented Nov 16, 2015

it may be a long time, but they should expire at some point. Maybe after 1 month by default?

@fkooman fkooman added the enhancement label Nov 16, 2015

@fkooman fkooman added this to the 2.0 milestone Nov 16, 2015

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Nov 16, 2015

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Feb 16, 2017

we can easily implement this now as the OAuth server is included.

@benrubson

This comment has been minimized.

Copy link

benrubson commented Feb 16, 2017

Perhaps being able to choose the duration would be nice ?
Many thanks 👍

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Feb 16, 2017

I was thinking about 3 months by default, and indeed allow modifying it in the server configuration. Thoughts?

@benrubson

This comment has been minimized.

Copy link

benrubson commented Feb 16, 2017

Perfect 👍

@skddc

This comment has been minimized.

Copy link
Contributor

skddc commented Feb 16, 2017

Just FYI: we're about to launch something similar for 5apps Storage, and the way we designed it is that you can use a dropdown menu to set the expiry time for a token in the auth dialog itself. The current options are "1 day", "1 month" and "never" for now, but they're subject to change, based on real-world usage/testing.

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Feb 16, 2017

Ah that is clever! I could do something similar as well! I almost implemented the (admin) configurable expiry time, which is a good start I guess :)

@skddc

This comment has been minimized.

Copy link
Contributor

skddc commented Feb 28, 2017

This feature is now live on 5apps Storage. Check it out and let us know what you think!

@skddc

This comment has been minimized.

Copy link
Contributor

skddc commented Feb 28, 2017

I created https://community.remotestorage.io/t/expiring-rs-oauth-tokens/377 so other server developers and users can also find the conversation.

@fkooman fkooman removed this from the 2.0 milestone Nov 15, 2017

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Nov 15, 2017

They expire now (by default) after 90 days. Will look into allowing user to choose post 2.0.

@skddc

This comment has been minimized.

Copy link
Contributor

skddc commented Nov 15, 2017

Nice! (We also made token expiration a much nicer experience in the new rs.js connect widget).

So I guess this can be closed then, right?

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Nov 15, 2017

Well, the user cannot choose yet :-)

@skddc

This comment has been minimized.

Copy link
Contributor

skddc commented Nov 15, 2017

"tokens should expire at some point" is true now. :)

So I'd think of choosing as a new feature on top of that. No?

@fkooman

This comment has been minimized.

Copy link
Owner

fkooman commented Nov 16, 2017

Yes! :)

@fkooman fkooman closed this Nov 16, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment