This repository has been archived by the owner on Jul 24, 2021. It is now read-only.
authorization expires much too quickly #179
Comments
karenetheridge
added
wat
karenetheridge
added a commit
to joyent/conch-api
that referenced
this issue
Dec 12, 2019
…auth token This will make it easier for clients to keep using the same auth token for its full lifetime. see also joyent/conch-ui#179
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
It looks like the user has to log in again every hour -- but if the user attempts to interact with the current page, errors occur from the back end that are not propogated to the user, leading to confusing results. The user needs to guess that the login has expired and force-refresh the page, perhaps reentering whatever data they were trying to submit.
Could this interval be made longer, perhaps much longer? Login tokens persist for a month (and in v3 the exact expiration time will be included in a response header), and you can also refresh the token in the background using
POST /refresh_tokenso the user never has to re-enter their credentials (so long as their password doesn't change or their access isn't revoked by an admin).(Also, in api v3, the login process is intentionally made computationally expensive, on the order of 4s to complete, in order to encourage the usage and retention of long-lived tokens.)
The text was updated successfully, but these errors were encountered: