Uploaded image for project: 'mod-authtoken'
  1. mod-authtoken
  2. MODAT-64

Enforce access token expiration

    XMLWordPrintable

    Details

    • Template:
    • Sprint:
      CP: R1 2022 roadmap, CP: sprint 125, CP: sprint 126
    • Story Points:
      5
    • Development Team:
      Core: Platform
    • Release:
      Lotus R1 2022

      Description

      Overview

      Currently only access tokens issued by the POST /refresh endpoint include an expiration (exp claim). This should be extended to all access tokens issued.

      Access token expiration is not currently checked, but should always be.

      Acceptance Criteria

      • All access tokens should have an expiration
      • Authorization should validate that the provided access token has not expired.

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                stevel Steve Ellis
                Reporter:
                cmcnally Craig McNally
                Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases