[useradm] Implement expiration time and revoking of Personal Access Tokens

Description

Implement expiration time and revoking of PATs in useradm service.

Acceptance criteria:
1. User can set an expiration time when creating PAT; the maximum expiration time is one year
2. User can dynamically revoke PAT when needed
3. The token expires if it has not been used after 1 year by default
4. Unit tests
5. Acceptance tests

Affects versions

None

Environment

None

Activity

Fabio Tranchitella, May 27, 2022 at 1:05 PM

No notifications and no feature to regenerate the tokens. We'll consider them when iteration 1 is done.

Maciej Tomczuk, May 27, 2022 at 12:06 PM

Questions about actions connected to revoking a token; most probably they can be done in the second iteration:

  1. Should we send email notifications after a token was revoked or is close to expiring?

  2. Should the UI notify users about the token expiring soon?

  3. Should we add a regenerate-token feature? I suppose not; it's not a good practice from my perspective.

Alf-Rune Siqveland, May 5, 2022 at 9:18 AM

If we are tracking the last use time, then this should use a resolution that is NO LOWER than a minute to prevent rapid writes/updates to the database. Moreover, the implementation should also account for synchronization jitter between system times. For instance, if we use minute resolution there shouldn't be an update to the last usage unless the time is past a given jitter duration (e.g. a second) into the next minute.

As for the token expiration, the token should REUSE the existing `exp` field to track token expiry - it is important to keep the number of indexes to a minimum (esp. for this collection) to not penalize write performance.
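The acceptance criteria above (user-chosen expiry capped at one year, revocation, expiry after a year without use) and the last-used write throttling described in the comment above, as one added Go example. This is not useradm code: the type and function names, the 365-day "year", the zero `ExpiresAt` meaning "no user-set expiry", and the one-minute resolution / one-second jitter values are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Assumed policy values: a "year" is 365 days, the last-used resolution is one
// minute and the clock-jitter guard is one second (the values the comment uses).
const (
	MaxLifetime        = 365 * 24 * time.Hour // cap on a user-chosen expiry
	IdleLifetime       = 365 * 24 * time.Hour // default: unused for a year => expired
	LastUsedResolution = time.Minute
	LastUsedJitter     = time.Second
)

var (
	ErrInvalidExpiry = errors.New("requested expiry must be between zero and one year")
	ErrRevoked       = errors.New("token has been revoked")
	ErrExpired       = errors.New("token has passed its expiration time")
	ErrIdle          = errors.New("token has not been used for over a year")
)

// Token is a constructed in-memory model of a PAT record; the field names are
// assumptions, not the useradm schema. ExpiresAt stands in for the `exp` claim.
type Token struct {
	ID        string
	CreatedAt time.Time
	ExpiresAt time.Time // zero means the user did not set an expiry
	LastUsed  time.Time // zero means never used; stored at minute resolution
	Revoked   bool
}

// NewToken creates a PAT. requested == 0 means "no explicit expiry" (only the
// idle rule applies); anything negative or above MaxLifetime is rejected.
func NewToken(id string, now time.Time, requested time.Duration) (Token, error) {
	if requested < 0 || requested > MaxLifetime {
		return Token{}, ErrInvalidExpiry
	}
	t := Token{ID: id, CreatedAt: now}
	if requested > 0 {
		t.ExpiresAt = now.Add(requested)
	}
	return t, nil
}

// Revoke marks the token unusable; Validate rejects it from then on.
func (t *Token) Revoke() { t.Revoked = true }

// Validate checks revocation, the fixed expiry and the idle rule, in that order.
func (t Token) Validate(now time.Time) error {
	if t.Revoked {
		return ErrRevoked
	}
	if !t.ExpiresAt.IsZero() && !now.Before(t.ExpiresAt) {
		return ErrExpired
	}
	ref := t.LastUsed
	if ref.IsZero() {
		ref = t.CreatedAt // never used: count idle time from creation
	}
	if now.Sub(ref) > IdleLifetime {
		return ErrIdle
	}
	return nil
}

// ShouldUpdateLastUsed decides whether a use at `now` warrants a database
// write, given the last-used value already stored. It returns the
// minute-truncated value to store and true only when `now` falls in a later
// minute than `stored` and is at least LastUsedJitter past that minute's
// boundary, so clock skew just across the boundary does not trigger a write.
func ShouldUpdateLastUsed(stored, now time.Time) (time.Time, bool) {
	bucket := now.Truncate(LastUsedResolution)
	if !bucket.After(stored) {
		return stored, false // still inside the stored minute (or earlier)
	}
	if now.Sub(bucket) < LastUsedJitter {
		return stored, false // too close to the minute boundary
	}
	return bucket, true
}

func main() {
	now := time.Date(2022, 3, 14, 7, 51, 0, 0, time.UTC) // constructed clock
	tok, _ := NewToken("demo", now, 30*24*time.Hour)
	fmt.Println("valid now:", tok.Validate(now))
	fmt.Println("after 31 days:", tok.Validate(now.Add(31*24*time.Hour)))
	_, write := ShouldUpdateLastUsed(now, now.Add(30*time.Second))
	fmt.Println("write last-used 30s later:", write)
}
```

Validate is ordered so that a revoked token is refused before any time comparison, and the stored last-used value only ever moves forward in whole minutes, which keeps the index churn the comment warns about to at most one write per token per minute.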

Fixed

Details

Remaining Story Points

0

Days in progress

9

Backlog

yes

Created March 14, 2022 at 7:51 AM
Updated June 10, 2022 at 12:23 PM
Resolved June 10, 2022 at 12:23 PM