Easily regenerate expired access tokens

[airtonix]

Reviving a previously posted request:

npm/feedback#1088

With [NPM] granular access tokens it is possible to create tokens that expire after a while. In many scenarios this means a new token must be generated after that and in all likelihood this new token should have the exact same configuration as the original token. Currently this requires creating a new token from scratch and configuring it in the same way as the previous token.

If it were possible to regenerate an existing token (using the existing configuration) this would make token rotation a lot easier.

As a point of comparison, GitHub has this functionality for Personal Access Tokens, see https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.

The original poster also suggested that:

This request is related to npm/feedback#849 in that it can help alleviate the operational overhead of expiring tokens a bit (though I do not mean to suggest it's substitute for that request).

But most of us with experience know that access token without an expiry are bad security.

[RachidZahrani]

Feature Request: Token Regeneration for Granular Access Tokens

Description:
Enable the regeneration of expired granular access tokens with the same configuration to simplify token rotation.

Justification:
This feature would reduce operational overhead by avoiding the need to manually recreate and reconfigure tokens, similar to GitHub's functionality for Personal Access Tokens.