IdentityServer3

Token throttling & cleanup

Open leastprivilege opened this issue 9 years ago • 2 comments

braindump:

  • for code flow: allow a configurable amount of concurrent (non-redeemed) codes in the DB for a subject/client combination.
  • deny new codes

— reference tokens:

  • optional upper limit of reference tokens per client/subject combination
  • deny new tokens

— cleanup

  • query if a token type exceeds the threshold (and tokens are still valid) - delete the expired ones?

leastprivilege, Feb 28 '15 10:02
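One way the limit described in the issue above could work, as an added example that is not part of the thread and not IdentityServer3 code: an in-memory store that purges expired codes, counts the still-valid ones for a subject/client pair, and denies a new code at the limit. All type and member names are hypothetical; the same check would apply to reference tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; none of these are IdentityServer3 APIs.
public sealed class OutstandingCode
{
    public string Handle, SubjectId, ClientId;
    public DateTimeOffset Expires;
}

public sealed class ThrottledCodeStore
{
    private readonly object _sync = new object();
    private readonly List<OutstandingCode> _codes = new List<OutstandingCode>();
    private readonly int _max; // configurable limit per subject/client pair

    public ThrottledCodeStore(int max) { _max = max; }

    // Returns false (deny) when the subject/client pair already holds the
    // maximum number of still-valid, non-redeemed codes.
    public bool TryStore(OutstandingCode code, DateTimeOffset now)
    {
        lock (_sync)
        {
            // Cleanup first: expired codes must not count against the limit.
            _codes.RemoveAll(c => c.Expires <= now);

            int outstanding = _codes.Count(c =>
                c.SubjectId == code.SubjectId && c.ClientId == code.ClientId);
            if (outstanding >= _max) return false;
            _codes.Add(code);
            return true;
        }
    }

    // Redeeming removes the code (single use), which frees a slot for the pair.
    public bool TryRedeem(string handle, DateTimeOffset now)
    {
        lock (_sync)
        {
            int i = _codes.FindIndex(c => c.Handle == handle);
            if (i < 0) return false;
            bool valid = _codes[i].Expires > now;
            _codes.RemoveAt(i);
            return valid;
        }
    }
}
```

The count and the insert happen under one lock; a database-backed store would need the same atomicity (a transaction or a constraint), otherwise concurrent requests can exceed the limit.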

I would also add having an option that would allow a user to manage reference tokens so that they could remove one to continue the current authorization. In my implementation, based on a home-rolled OAuth2, I also allowed the user to name the reference token to facilitate later removal.

wiseman13, May 07 '15 08:05

Whatever became of this? Do you plan on doing token cleanup, or is this something that's expected to be done in the token service?

JoeFairchild, Sep 26 '17 17:09