iam
iam copied to clipboard
indigo-iam
IAM should highlight how long a client has not been used
This introduces the need of track a "last-used" information for a client (last token issued, last userinfo/introspection call, etc.).
I would rather give an administrator the opportunity to search for such clients and then delete them
Ok, it makes sense. In any case, he needs more information in order to identify the unused ones. Instead of deleting them, IAM could highlight them to the administrator.
Now that we have a draft PR, we should define well what "used" means: some access via the client credentials is done? the client fields are changed via the dashboard or via the API? something else?
Probably it makes sense to track when a new access token is issued for a client but not all the times such access token is used to access the API. I would also track whenever the client details are updated. What do you think?
Also, I decided to track the date of last use, not the full timestamp, as it may be faster to store a less precise time indication and we don't need ms precision. Do you think it makes sense?
Probably it makes sense to track when a new access token is issued for a client but not all the times such access token is used to access the API. I would also track whenever the client details are updated. What do you think?
We can start with those cases and, if needed, extend the list in the future.
Also, I decided to track the date of last use, not the full timestamp, as it may be faster to store a less precise time indication and we don't need ms precision. Do you think it makes sense?
I don't think it makes much sense, not without an actual profiling. I even suspect that extracting the date from the timestamp is actually more work.