
Reduce runtime access token TTL to 30 mins by default

Open begelundmuller opened this issue 1 year ago • 0 comments

  • Sets the TTL of JWTs issued for the UI and CLI to 30 minutes
    • This TTL can be overridden if necessary using the new access_token_ttl_seconds parameter for the AdminService.GetProject API
  • Keeps the default TTL of JWTs issued for embedding at 24 hours
    • This is necessary since embedders with low-risk use cases won't implement in-browser refresh, and users may keep a tab open for several hours or longer
    • Security-conscious embedders should implement in-browser token refresh and set a lower TTL
    • This TTL can be overridden by embedders using the ttl_seconds parameter for the AdminService.GetIFrame API

This PR should not be merged until https://github.com/rilldata/rill/issues/3876 is closed.

This PR closes https://github.com/rilldata/rill-private-issues/issues/115.

begelundmuller, Feb 15 '24 14:02
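
Added example, not part of the PR or of Rill's code: one way an embedder could implement the in-browser token refresh mentioned above, so that a lower `ttl_seconds` does not break long-lived tabs. All function names are hypothetical, and `fetchToken` is assumed to call the embedder's own backend, which in turn requests a fresh token through `AdminService.GetIFrame`.

```javascript
// Added example; the names below are hypothetical, not Rill APIs.
const SKEW_SECONDS = 60; // refresh this long before the token expires

// Read the `exp` claim (seconds since epoch) from a JWT without verifying it.
// Used only for scheduling; the server remains the authority on validity.
function jwtExpiry(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(atob(b64));
  if (typeof claims.exp !== "number") throw new Error("JWT has no exp claim");
  return claims.exp;
}

// Milliseconds to wait before refreshing; 0 means refresh immediately.
function refreshDelayMs(token, nowMs = Date.now(), skew = SKEW_SECONDS) {
  return Math.max(0, (jwtExpiry(token) - skew) * 1000 - nowMs);
}

// fetchToken: async () => string, calls the embedder's own backend, which
// requests a fresh token (with a low ttl_seconds) from the admin API.
// onToken: hands the new token to the embedded view. Returns a stop function.
function startTokenRefresh(fetchToken, onToken, retryMs = 5000) {
  let timer = null, stopped = false;
  const tick = async () => {
    let delay = retryMs; // used when the fetch fails
    try {
      const token = await fetchToken();
      if (stopped) return;
      onToken(token);
      // Floor of 1s avoids a tight loop if the issued TTL is below the skew.
      delay = Math.max(refreshDelayMs(token), 1000);
    } catch (err) {
      console.warn("token refresh failed, retrying", err);
    }
    if (!stopped) timer = setTimeout(tick, delay);
  };
  tick();
  return () => { stopped = true; clearTimeout(timer); };
}

// Constructed sample: unsigned token whose exp is 30 minutes after t=0.
const sampleToken = ["e30", btoa(JSON.stringify({ exp: 1800 })), "sig"].join(".");
```

The `exp` claim is read client-side only to decide when to ask for a new token; the service token used to call the admin API stays on the embedder's backend.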