light-oauth2 icon indicating copy to clipboard operation
light-oauth2 copied to clipboard
verified publisher icon networknt

Allow for token expiration time customization

Open Dasanko opened this issue 7 years ago • 2 comments

There are some cases where heavy data processing forces inactivity for a period longer than 10 minutes, causing the token to expire - some queries rely on other endpoints/microservices themselves. Would it be possible to add a feature allowing the token expiration time to be customized, so that specific users can get varying token durations as appropriate for their use cases? Thanks.

Dasanko avatar Aug 31 '18 15:08 Dasanko

I have written an RFC for this and want call other team members to discuss the impact. https://github.com/networknt/light-rfcs/blob/master/light-oauth2/0003-customized-token-expiration-per-client.md

@ddobrin @NicholasAzar @chenyan71 what do you think?

stevehu avatar Sep 02 '18 00:09 stevehu

I think that it it could be a useful feature, and I see it being useful in a larger organization, where multiple applications must be secured, with each having sometimes different requirements.

At my current client, it has not yet been considered a high priority item.

ddobrin avatar Sep 02 '18 13:09 ddobrin