Project

General

Profile

Actions

Bug #16736

closed

Token lifetime options

Added by Lucas Di Pentima over 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Story points:
3.0
Release relationship:
Auto

Description

Add a new option API.MaximumTokenLifetime:

  • If no expiration time is given in the create call, it is the "maximum" expiration (new configuration option API.MaximumTokenLifetime)
  • For regular users, token expires_at is clamped to MaximumTokenLifetime for create/update
  • Admins can create tokens with any expiration time.
  • Tokens created to run a container do not have a set expire time (because it will expire when the container ends)
  • Tokens created for use on a shell node by arvados-login-sync script have max lifetime, and are rotated by the script on some interval (like MaximumTokenLifetime/2)

Tokens created through login use Login.TokenLifetime (existing behavior).


Subtasks 2 (0 open2 closed)

Task #16754: Review 16736-expiring-tokens-limitsClosed09/10/2020Actions
Task #17034: Review 16736-max-token-lifetimeResolvedPeter Amstutz09/10/2020Actions

Related issues 1 (0 open1 closed)

Related to Arvados Epics - Idea #16520: GxP QualificationResolved08/01/202004/30/2021Actions
Actions

Also available in: Atom PDF