Option to let SSO logins expire at specific time instead of a time-delta (or more flexible conditions).

[dudechem-rf]

Is your feature request related to a problem? Please describe. The time-delta based sso expiration option means that the reauth is enforced depending on the last time an authentication was done.

So in a work environment example: A person starts the computer at day 1 at 8.15 am and connects. On day 2 starts at 8 am and connects without reauth, but suddenly loses connection at 8.15 am and then needs to reauth. (if "expires in" is set to 24h, but other fixed time deltas just shift this problem). On day 3 starting at 8.30 am the reauth then has to happen at computer start. day 4 starting at 8 am, no reauth, suddenly looses connection at 8.30 am. I think those differences in user experience are quite inconvenient.

Describe the solution you'd like It would be great if the expiration could alternatively be set to a specific fixed time (e.g. always in the middle of the night; maybe bound to a more complex condition like: only if the last login didn't happen 8h before)

[saule1508]

it would be good to force a re-auth from the client. So when you start working in the morning, you would force a re-auth and be good for the whole day

[ddcguy]

Was just thinking about this type of option yesterday after a user complained that he didn't realize he was logged out in the middle of the work day.

[ben-nrth]

Adding my own uptick for such a feature. We have document management software that communicates to a server over Netbird, which integrates with Word/Outlook etc. If the connection goes down while the DMS is communicating with the server, Word/Outlook etc crashes. Not the fault of Netbird by any means, but the ability to reauth at either a set time every morning so there's no expiry during the work day, or for reauth windows to appear 1 hour before the token expires would help deal with the issue.