Skip to content

Expiration for device authn access tokens #2302

New issue
New issue
Closed
Enhancement
#8214
Closed
Expiration for device authn access tokens#2302
Enhancement
#8214
Assignees
david-crespo
Labels
authnAuthenticationcustomerFor any bug reports or feature requests tied to customer requestsknown issueTo include in customer documentation and trainingsecurityRelated to security.
Milestone
15
@davepacheco

Description

@davepacheco
davepacheco
opened on Feb 2, 2023

Today, device authn access tokens do not expire. They presumably should.
(creating this for these TODO-security comments:

omicron/nexus/src/app/device_auth.rs

Line 121 in b062e95

// TODO-security: set an expiration time for the valid token.

omicron/common/src/sql/dbinit.sql

Line 1773 in b062e95

-- TODO-security: expire tokens.

)

(edit: these comments were removed under #2417 but the issue remains)

Metadata

Metadata

Assignees

Labels

authnAuthenticationcustomerFor any bug reports or feature requests tied to customer requestsknown issueTo include in customer documentation and trainingsecurityRelated to security.

Type

Enhancement

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions