Expiry date for API tokens not honored

Open williamhatcher opened this issue 9 months ago • 3 comments

Describe the bug

The expiry date input is ignored when creating or modifying an API token.

To Reproduce

Steps to reproduce the behavior:

  1. Create a token (I chose API Token)
  2. Ensure "Expiring" is checked
  3. Change the date or time in the "Expires on" field to a valid date in the future
  4. Save
  5. Observe that the "Expiry date" column shows a date 30 minutes in the future regardless of date selected earlier.

Expected behavior

The expires on field in the table shows the selected date/time (if valid).

Version and Deployment (please complete the following information):

  • authentik version: [2025.2.4]
  • Deployment: docker-compose

williamhatcher, Apr 15 '25 20:04

Added authentik version and deployment.

williamhatcher, Apr 16 '25 15:04

May not be a bug since the original implementation purposefully prevented tokens with API purpose from having their expiration overridden, but just pinning this issue. We're discussing this internally and will get back here with next steps.

rissson, Apr 16 '25 15:04

I'm experiencing this myself. It breaks API access from other services when the token is stored as a Docker Secret and used as an environment variable, like Homepage's Authentik widget, as an example. A token set for an expiration of, say, 12/31/2025 11:59 PM, is just rotated constantly and no longer valid for these services to use.

captainzonks, Jul 22 '25 13:07