New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct Expiration of tokens #30

Open

Janekdererste opened this issue Sep 7, 2018 · 0 comments

Labels

Milestone

Version 1.0 of Au...

Member

Janekdererste commented Sep 7, 2018

Tokens are currently valid for a long time. They should have a shorter expiration period.

Access Tokens within the range of a day (24 hours). That would require logging in once a day.
Id Tokens should be valid for less than one hour. (maybe 10 minutes?) They are only used for signing into the client and letting the client fetch user info from auth server.
Implement a sweeper task which clears expired tokens from the database (perhaps once a day)

Janekdererste added the auth-server label

Janekdererste added this to the Version 1.0 of Authentication milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment