Skip to content

need expiration for device authn access tokens #2302

@davepacheco

Description

@davepacheco

Today, device authn access tokens do not expire. They presumably should.
(creating this for these TODO-security comments:

// TODO-security: set an expiration time for the valid token.

-- TODO-security: expire tokens.

)

(edit: these comments were removed under #2417 but the issue remains)

Metadata

Metadata

Assignees

Labels

authnAuthenticationcustomerFor any bug reports or feature requests tied to customer requestsknown issueTo include in customer documentation and trainingsecurityRelated to security.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions