feat: add separate max token lifetime for administrators #18267


ThomasK33 (Member) commented Jun 6, 2025

Add separate token lifetime limits for administrators

This PR introduces a new configuration option --max-admin-token-lifetime that allows administrators to create API tokens with longer lifetimes than regular users. By default, administrators can create tokens with a lifetime of up to 7 days (168 hours), while the existing --max-token-lifetime setting continues to apply to regular users.

The implementation:

  • Adds a new MaximumAdminTokenDuration field to the session configuration
  • Modifies the token validation logic to check the user's role and apply the appropriate lifetime limit
  • Updates the token configuration endpoint to return the correct maximum lifetime based on the user's role
  • Adds tests to verify that administrators can create tokens with longer and shorter lifetimes
  • Updates documentation and help text to reflect the new option

This change allows organizations to grant administrators extended token lifetimes while maintaining tighter security controls for regular users.

Fixes #17395

ThomasK33 (Member, Author) commented via Graphite App

This stack of pull requests is managed by Graphite. Learn more about stacking.

ThomasK33 force-pushed the thomask33/06-06-feat_api_add_max_admin_token_lifetime_configuration_and_validation branch from 6214f1d to 4c418e6, June 6, 2025 11:16
ThomasK33 marked this pull request as ready for review, June 6, 2025 12:12
ThomasK33 requested a review from johnstcn, June 6, 2025 12:12
johnstcn (Member) left a comment

I'd like to see some tests for the inverse (shorter admin max token lifetime), as I could imagine security-conscious orgs wanting to minimize dangerous token lifetimes. There's also a potentially misleading comment. Apart from that, I don't need to review again.

ThomasK33 reacted with thumbs up emoji
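
The role-based limit from the PR description, together with the inverse case raised in the review (an admin limit shorter than the user limit), as an added Go example. It is not code from this PR or from the project; `LifetimeConfig`, `MaxLifetimeFor`, `ValidateLifetime` and every duration other than the 168-hour default are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// LifetimeConfig is a hypothetical stand-in for the session configuration
// described in the PR; the names here are assumptions, not the project's own.
type LifetimeConfig struct {
	MaxTokenLifetime      time.Duration // limit for regular users
	MaxAdminTokenLifetime time.Duration // limit for administrators only
}

var (
	ErrLifetimeInvalid = errors.New("requested token lifetime must be positive")
	ErrLifetimeTooLong = errors.New("requested token lifetime exceeds the maximum for this role")
)

// MaxLifetimeFor returns the limit for the caller's role. The admin value
// replaces the user value instead of being combined with it (no max() of the
// two), so an admin limit shorter than the user limit is still enforced.
func (c LifetimeConfig) MaxLifetimeFor(isAdmin bool) time.Duration {
	if isAdmin {
		return c.MaxAdminTokenLifetime
	}
	return c.MaxTokenLifetime
}

// ValidateLifetime rejects non-positive requests and requests above the role's limit.
func (c LifetimeConfig) ValidateLifetime(isAdmin bool, requested time.Duration) error {
	if requested <= 0 {
		return ErrLifetimeInvalid
	}
	if limit := c.MaxLifetimeFor(isAdmin); requested > limit {
		return fmt.Errorf("%w: requested %s, limit %s", ErrLifetimeTooLong, requested, limit)
	}
	return nil
}

func main() {
	// Constructed values: admins at the 7-day default from the PR, users at 24h.
	longer := LifetimeConfig{MaxTokenLifetime: 24 * time.Hour, MaxAdminTokenLifetime: 168 * time.Hour}
	// Inverse case from the review: admins restricted to 1h, users to 24h.
	shorter := LifetimeConfig{MaxTokenLifetime: 24 * time.Hour, MaxAdminTokenLifetime: time.Hour}
	fmt.Println("admin 72h, longer admin limit:", longer.ValidateLifetime(true, 72*time.Hour))
	fmt.Println("admin 2h, shorter admin limit:", shorter.ValidateLifetime(true, 2*time.Hour))
	fmt.Println("user 2h, shorter admin limit:", shorter.ValidateLifetime(false, 2*time.Hour))
}
```
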
ThomasK33 force-pushed the thomask33/06-06-feat_api_add_max_admin_token_lifetime_configuration_and_validation branch from 4c418e6 to 9f15ef9, June 6, 2025 13:13
Change-Id: I4540ce3eeb46ab58909ac37e60c3ece93668212a
Signed-off-by: Thomas Kosiewski <tk@coder.com>
ThomasK33 force-pushed the thomask33/06-06-feat_api_add_max_admin_token_lifetime_configuration_and_validation branch from 9f15ef9 to a8ea1f9, June 6, 2025 13:49
ThomasK33 merged commit f569d9c into main, Jun 6, 2025
40 checks passed
ThomasK33 deleted the thomask33/06-06-feat_api_add_max_admin_token_lifetime_configuration_and_validation branch, June 6, 2025 15:36
github-actions bot locked and limited conversation to collaborators, Jun 6, 2025
Reviewers: johnstcn approved these changes

Assignees: ThomasK33

Successfully merging this pull request may close these issues: Support finer control on token lifetime

2 participants: ThomasK33, johnstcn
