[MXS-4351] Make REST API Json Web Token max-age upper limit configurable
Created: 2022-10-13 | Updated: 2022-10-20 | Resolved: 2022-10-17

| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | REST-API |
| Affects Version/s: | None |
| Fix Version/s: | 23.02.0 |
| Type: | Bug |
| Priority: | Major |
| Reporter: | Hartmut Holzgraefe |
| Assignee: | markus makela |
| Resolution: | Fixed |
| Votes: | 0 |
| Labels: | None |
Description
Currently the max-age of a JSON web token, and so a Web GUI login session, defaults to 8 hours. While REST API clients can change max-age using e.g. `GET /v1/auth?max-age=28800`, such changes are not persistent yet. Feature request: make this timeout configurable through e.g. an `auth_token_timeout` configuration variable.
Comments

Comment by markus makela [ 2022-10-13 ]
I changed the title from default to upper limit. It is more important to control the upper limit as the default value can simply be ignored by the client doing the request. This also allows administrators to impose strict limitations on logins which would not be possible with a default value.
Comment by markus makela [ 2022-10-17 ]
Added the admin_jwt_max_age parameter that is used to determine the maximum age of a token and set the default value to one day. The GUI will also now request a one-week token to handle cases where longer token ages are allowed. The default token age is still 8 hours, but setting admin_jwt_max_age to a lower value also lowers this default.
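The point of the fix above is that a client may ask `GET /v1/auth?max-age=...` for any lifetime, but the server-side `admin_jwt_max_age` cap wins. The script below is an added example for this page, not MaxScale code: it gives an administrator a way to confirm the cap is actually honoured by decoding the `exp` and `iat` claims of the token that `/v1/auth` returns and comparing the lifetime against the configured value. It assumes the token is a standard compact JWT with numeric `iat` and `exp` claims, that the login response carries the token under `meta.token` as the MaxScale REST API documentation describes, and that the REST API is on its default port 8989 with the default `admin:mariadb` credentials; `parse_duration`, `token_within_cap` and `make_sample_token` are names chosen here, and the sample tokens are constructed and unsigned so the check runs offline.

```python
"""Client-side check that a token issued by the MaxScale REST API respects
the admin_jwt_max_age cap.  Added example, not MaxScale's own code.  Assumes
a standard JWT payload with numeric `iat` and `exp` claims and a /v1/auth
response of the form {"meta": {"token": "<jwt>"}}."""
import base64
import json

# Configuration this check is meant to accompany (hypothetical maxscale.cnf
# fragment).  With the cap at 8h, a client asking for a week must still get
# a token that expires within 8 hours:
#
#   [maxscale]
#   admin_jwt_max_age=8h
#
# Login request a client (or the GUI) would issue, assuming default port and
# credentials:
#   curl -u admin:mariadb "http://localhost:8989/v1/auth?max-age=604800"

_UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600}


def parse_duration(value):
    """Parse a MaxScale-style duration ('8h', '30m', '28800s', '500ms') into
    seconds.  A bare number is taken as seconds."""
    value = value.strip().lower()
    for suffix in ("ms", "h", "m", "s"):  # test 'ms' before 'm' and 's'
        if value.endswith(suffix):
            return float(value[: -len(suffix)]) * _UNITS[suffix]
    return float(value)


def _b64url_decode(segment):
    """JWT segments are unpadded base64url; restore padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime(token):
    """Return exp - iat in seconds for a compact JWT.  The signature is not
    verified here: the signing key lives only on the MaxScale side, and this
    check is about the lifetime the server granted, not token authenticity."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    return int(claims["exp"]) - int(claims["iat"])


def token_within_cap(token, admin_jwt_max_age):
    """True if the token's lifetime does not exceed the configured cap."""
    return token_lifetime(token) <= parse_duration(admin_jwt_max_age)


def extract_token(response_body):
    """Pull the JWT out of a GET /v1/auth JSON response body."""
    return json.loads(response_body)["meta"]["token"]


def make_sample_token(iat, exp):
    """Build a constructed, unsigned JWT for offline testing only.  A real
    MaxScale token is signed; the dummy signature here is never verified."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = seg({"alg": "HS256", "typ": "JWT"})
    payload = seg({"iss": "maxscale", "sub": "admin", "iat": iat, "exp": exp})
    return f"{header}.{payload}.c2lnbmF0dXJl"  # constructed signature


if __name__ == "__main__":
    # Constructed responses: one honouring an 8h cap, one that would mean the
    # server ignored the cap and granted the full week the client asked for.
    issued = 1665936000  # arbitrary issue time (2022-10-16 16:00:00 UTC)
    responses = {
        "capped": json.dumps(
            {"meta": {"token": make_sample_token(issued, issued + 8 * 3600)}}),
        "uncapped": json.dumps(
            {"meta": {"token": make_sample_token(issued, issued + 7 * 86400)}}),
    }
    for name, body in responses.items():
        tok = extract_token(body)
        verdict = "OK" if token_within_cap(tok, "8h") else "EXCEEDS CAP"
        print(f"{name}: lifetime {token_lifetime(tok)} s -> {verdict}")
```

Run it against a live instance by replacing the constructed responses with the body of the `curl` call shown in the comments; a token whose lifetime exceeds the configured `admin_jwt_max_age` means the running MaxScale is older than 23.02.0 or the cap is not set in the `[maxscale]` section that is actually loaded.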