Skip to content

need expiration for device authn access tokens #2302

New issue
New issue
Open
Enhancement
Open
need expiration for device authn access tokens#2302
Enhancement
Assignees
david-crespo
Labels
authnAuthenticationcustomerFor any bug reports or feature requests tied to customer requestsknown issueTo include in customer documentation and trainingsecurityRelated to security.
Milestone
 
14
@davepacheco

Description

@davepacheco
davepacheco
opened on Feb 2, 2023

Today, device authn access tokens do not expire. They presumably should.
(creating this for these TODO-security comments:

omicron/nexus/src/app/device_auth.rs

Line 121 in b062e95

// TODO-security: set an expiration time for the valid token.

omicron/common/src/sql/dbinit.sql

Line 1773 in b062e95

-- TODO-security: expire tokens.

)

(edit: these comments were removed under #2417 but the issue remains)

Metadata

Metadata

Assignees

Labels

authnAuthenticationcustomerFor any bug reports or feature requests tied to customer requestsknown issueTo include in customer documentation and trainingsecurityRelated to security.

Type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions