Uploaded image for project: 'mod-authtoken'
  1. mod-authtoken
  2. MODAT-64

Enforce access token expiration

    XMLWordPrintable

Details

    • CP: R3 2022 roadmap, CP: sprint 125, CP: sprint 126
    • 5
    • Core: Platform
    • Lotus R1 2022

    Description

      Overview

      Currently only access tokens issued by the POST /refresh endpoint include an expiration (exp claim). This should be extended to all access tokens issued.

      Access token expiration is not currently checked, but should always be.

      Acceptance Criteria

      • All access tokens should have an expiration
      • Authorization should validate that the provided access token has not expired.

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODAT-67 One-time use refresh tokens

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            is blocked by

            Task - A task that needs to be done. FOLIO-2556 SPIKE: investigate refresh tokens support in FOLIO

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODAT-109 Implement new token types

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODAT-110 Implement token persistent store

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            is duplicated by

            Bug - A problem which impairs or prevents the functions of the product. MODAT-103 Reject expired auth tokens

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            relates to

            Task - A task that needs to be done. FOLIO-2556 SPIKE: investigate refresh tokens support in FOLIO

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            mentioned in

            Page Loading...

            Page Loading...

            Activity

              People

                stevel Steve Ellis
                cmcnally Craig McNally
                Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases