Details
-
Improvement
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.0.0
-
None
Description
Setting the TTL to -1 results in tokens that never expire. If the TTL is configured to a positive number, renewing the token is the only way to extend its expiration time. By default, there is a cap on this event: a token cannot be renewed after it reaches the configured maximum lifetime (defaults to 7 days).
This task aims to provide end-users with a way to bypass this check and let tokens be renewed whenever they want. The logic would be similar to the Unlimited token handling: if the maximum lifetime is set to -1, tokens would be subject to renewal without checking the maximum lifetime.
Please note that token renewal still must be configured with a list of trusted users via the knox.token.renewer.whitelist configuration.
Attachments
Issue Links
- links to
