{"html_url": "https://github.com/simonw/datasette/issues/1858#issuecomment-1292709818", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1858", "id": 1292709818, "node_id": "IC_kwDOBm6k_c5NDS-6", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-10-26T22:07:04Z", "updated_at": "2022-10-26T22:07:04Z", "author_association": "OWNER", "body": "New token design:\r\n\r\n```json\r\n{\r\n \"a\": \"actor-id\",\r\n \"t\": \"creation timestamp as integer\",\r\n \"d\": \"intended duration in seconds, or blank if no duration set\"\r\n}\r\n```\r\nThis is in place of the `\"e\": \"expiry timestamp\"` design I've built so far.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1423364990, "label": "`max_signed_tokens_ttl` setting for a maximum duration on API tokens"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1858#issuecomment-1292708227", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1858", "id": 1292708227, "node_id": "IC_kwDOBm6k_c5NDSmD", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-10-26T22:05:34Z", "updated_at": "2022-10-26T22:05:34Z", "author_association": "OWNER", "body": "I just realized this can't easily affect the `datasette create-token` command because it doesn't currently accept the `--setting` option, so it wouldn't know what `max_signed_tokens_ttl` was.\r\n\r\nMore to the point: even if it did, someone could abuse their knowledge of the secret to create a signed non-expiring token even on servers that didn't want to support those.\r\n\r\nSo I actually need to redesign the token format: it needs to store the timestamp when the token was created and the intended duration, NOT the timestamp that the token expires at.\r\n\r\nOtherwise it's not possible for servers to enforce `max_signed_tokens_ttl` - someone could always create a token with a custom `expires_at` timestamp on it outside of the configured limit.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1423364990, "label": "`max_signed_tokens_ttl` setting for a maximum duration on API tokens"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1858#issuecomment-1292687774", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1858", "id": 1292687774, "node_id": "IC_kwDOBm6k_c5NDNme", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-10-26T21:44:57Z", "updated_at": "2022-10-26T21:44:57Z", "author_association": "OWNER", "body": "I'm going for consistency with `max_csv_mb` and `max_returned_rows` and `allow_signed_tokens` and `default_cache_ttl`.\r\n\r\nSo `max_signed_tokens_ttl`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1423364990, "label": "`max_signed_tokens_ttl` setting for a maximum duration on API tokens"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1858#issuecomment-1291435464", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1858", "id": 1291435464, "node_id": "IC_kwDOBm6k_c5M-b3I", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-10-26T03:07:16Z", "updated_at": "2022-10-26T03:07:16Z", "author_association": "OWNER", "body": "This setting will disable the \"Token never expires\" option:\r\n\r\n\"image\"\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1423364990, "label": "`max_signed_tokens_ttl` setting for a maximum duration on API tokens"}, "performed_via_github_app": null}