Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

max_signed_tokens_ttl setting for a maximum duration on API tokens #1858

Closed
Tracked by #1850
simonw opened this issue Oct 26, 2022 · 4 comments
Closed
Tracked by #1850

max_signed_tokens_ttl setting for a maximum duration on API tokens #1858

simonw opened this issue Oct 26, 2022 · 4 comments
Labels
authentication-and-permissions
Milestone
Datasette 1.0a0

Comments

@simonw
Copy link
Owner

simonw commented Oct 26, 2022
edited
Loading

It's currently possible to use /-/create-token to create a token that lasts forever.

Some administrators may wish to have a maximum expiry instead. I should support that with a setting.
@simonw simonw mentioned this issue Oct 26, 2022
Closed
17 tasks
@simonw simonw added this to the Datasette 1.0 milestone Oct 26, 2022
@simonw
Copy link
Owner Author

simonw commented Oct 26, 2022

This setting will disable the "Token never expires" option:

image

@simonw
Copy link
Owner Author

simonw commented Oct 26, 2022

I'm going for consistency with max_csv_mb and max_returned_rows and allow_signed_tokens and default_cache_ttl.

So max_signed_tokens_ttl.

@simonw simonw changed the title Setting for a maximum duration on API tokens max_signed_tokens_ttl setting for a maximum duration on API tokens Oct 26, 2022
@simonw
Copy link
Owner Author

simonw commented Oct 26, 2022

I just realized this can't easily affect the datasette create-token command because it doesn't currently accept the --setting option, so it wouldn't know what max_signed_tokens_ttl was.

More to the point: even if it did, someone could abuse their knowledge of the secret to create a signed non-expiring token even on servers that didn't want to support those.

So I actually need to redesign the token format: it needs to store the timestamp when the token was created and the intended duration, NOT the timestamp that the token expires at.

Otherwise it's not possible for servers to enforce max_signed_tokens_ttl - someone could always create a token with a custom expires_at timestamp on it outside of the configured limit.

@simonw
Copy link
Owner Author

simonw commented Oct 26, 2022

New token design:

{
  "a": "actor-id",
  "t": "creation timestamp as integer",
  "d": "intended duration in seconds, or blank if no duration set"
}

This is in place of the "e": "expiry timestamp" design I've built so far.

simonw added a commit that referenced this issue Oct 27, 2022
@simonw
max_signed_tokens_ttl setting, closes #1858
382a871 
Also redesigned token format to include creation time and optional duration.
@simonw simonw closed this as completed Oct 27, 2022
@simonw simonw modified the milestones: Datasette 1.0, Datasette 1.0a0 Nov 15, 2022
simonw added a commit that referenced this issue Nov 29, 2022
@simonw
Release 1.0a0
022bf39 
Refs #1850, #1851, #1852, #1856, #1858, #1863, #1864, #1871, #1874, #1882

Closes 1891
simonw added a commit that referenced this issue Nov 29, 2022
@simonw
Release 1.0a0
4d49a5a 
Refs #1850, #1851, #1852, #1856, #1858, #1863, #1864, #1871, #1874, #1882

Closes #1891
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
authentication-and-permissions
Projects
None yet
Milestone
Datasette 1.0a0
Development

No branches or pull requests
1 participant
@simonw