This repository has been archived by the owner on Oct 4, 2021. It is now read-only.

Implement Token Validity Period #108

Open
pLeminoq opened this issue Nov 16, 2020 · 0 comments

@pLeminoq
Contributor

Currently authentication and authorization tokens are valid forever.
This is dangerous, because if a token is lost it can be used forever for malicious purposes.
Generally, tokens should have a validity period.
This means the token type should contain a creation timestamp which has to be checked against the current server time and a token validity period.
The validity period could either be implemented as a server configuration or it could also be contained in the token types.
The second version would allow users to specify how long a token could be used.
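
An added sketch of the check proposed in this issue, not part of the original issue and not the project's code: a signed token carries its creation timestamp and, optionally, its own validity period, which the server caps. The token layout, the constants and the function names `issue_token` and `validate_token` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
DEFAULT_TTL = 3600   # assumption: server-configured validity period, seconds
MAX_TTL = 86400      # assumption: upper bound on a token-supplied validity period
CLOCK_SKEW = 30      # assumption: tolerated skew for creation timestamps


def _sign(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(subject, now=None, ttl=None):
    """Issue a signed token with a creation timestamp and optional own TTL."""
    claims = {"sub": subject, "iat": int(time.time() if now is None else now)}
    if ttl is not None:
        claims["ttl"] = int(ttl)
    raw = json.dumps(claims, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(raw).decode()
    return body + "." + _sign(body)


def validate_token(token, now=None):
    """Return the claims if authentic and within the validity period, else None."""
    now = time.time() if now is None else now
    body, sep, sig = token.rpartition(".")
    # The signature covers the timestamp, so a holder cannot extend the lifetime.
    if not sep or not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        iat, ttl = claims["iat"], claims.get("ttl", DEFAULT_TTL)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(iat, int) or not isinstance(ttl, int) or ttl <= 0:
        return None
    if iat > now + CLOCK_SKEW:            # created "in the future": reject
        return None
    if now >= iat + min(ttl, MAX_TTL):    # validity period has elapsed
        return None
    return claims
```

Capping the token-supplied period with `MAX_TTL` keeps the second variant from reintroducing tokens that are effectively valid forever.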
