Project

General

Profile

Actions

Feature #16678

closed

Default lifetime for tokens issued through login

Added by Peter Amstutz about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Story points:
-
Release relationship:
Auto

Description

Add a configuration where tokens issued through web login have a default lifetime. An expiration time of 8 or 12 hours implements a policy where users are required to log in again each day, and limits the amount of time an attacker could make use of a stolen token. The token is prevented from manipulating other tokens (i.e. getting other tokens or creating a new token without an expiration).

Document this feature in the admin section.


Subtasks 1 (0 open1 closed)

Task #16690: Review 16678-login-tokens-lifetime-configResolvedLucas Di Pentima08/24/2020Actions

Related issues

Related to Arvados Epics - Idea #16520: GxP QualificationResolved08/01/202004/30/2021Actions
Actions

Also available in: Atom PDF