
Add a worker package for expiring/forcing rotation of authorizations & grant secrets

Open · mike-marcacci opened this issue 6 years ago · 0 comments

A big (and growing) part of security is risk prediction and preemption. With AuthX, it is good practice to revoke likely leaked, long-unused, or suspicious authorizations and grant secrets. Of course, these rules are all specific to the application and organization use cases, so instead of implementing every conceivable strategy here (impossible) and providing a host of config options (messy) we should just provide a sample plugin which collects basic metadata and revokes keys based on simple criteria like "revoke authorizations of human users that have gone unused for more than 30 days." Real-world applications could follow this pattern and use whatever additional information is available to them, given their context.

mike-marcacci · Aug 04 '19 18:08
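A worked sketch of the sample plugin the issue describes, added here as an example and not code from the AuthX project: the record shapes, the `workerTick` helper and the sample data are hypothetical, and the "human user unused for more than 30 days" rule is the one quoted above.

```typescript
// Added illustration of the proposal above: a revocation/rotation policy worker.
// Record shapes and sample data are hypothetical; no real AuthX API is used.
type Authorization = {
  id: string;
  userType: "human" | "service";
  createdAt: Date;
  lastUsedAt: Date | null; // null: never used since it was issued
};
type GrantSecret = { id: string; createdAt: Date };
const DAY_MS = 24 * 60 * 60 * 1000;

// Whole days since the last activity. A never-used authorization counts as
// idle since creation so that unused credentials are not silently exempt.
function idleDays(a: Authorization, now: Date): number {
  const last = a.lastUsedAt ?? a.createdAt;
  return Math.floor((now.getTime() - last.getTime()) / DAY_MS);
}

// The criterion quoted in the issue: human authorizations unused > 30 days.
// Service accounts are deliberately left to a separate, application-specific rule.
function staleHumanAuthorizations(auths: Authorization[], now: Date, maxIdle = 30): string[] {
  return auths
    .filter((a) => a.userType === "human" && idleDays(a, now) > maxIdle)
    .map((a) => a.id);
}

// Forced rotation: grant secrets older than maxAgeDays are scheduled for replacement.
function secretsDueForRotation(secrets: GrantSecret[], now: Date, maxAgeDays = 90): string[] {
  return secrets
    .filter((s) => now.getTime() - s.createdAt.getTime() > maxAgeDays * DAY_MS)
    .map((s) => s.id);
}

// One worker tick: compute the whole plan first so it can be logged and audited
// before any revocation call is made; the AuthX calls themselves are omitted here.
function workerTick(auths: Authorization[], secrets: GrantSecret[], now: Date) {
  return { revoke: staleHumanAuthorizations(auths, now), rotate: secretsDueForRotation(secrets, now) };
}

// Constructed sample data with a fixed clock so the outcome is deterministic.
const NOW = new Date("2019-08-04T18:08:00Z");
const d = (s: string) => new Date(s + "T00:00:00Z");
const SAMPLE_AUTHS: Authorization[] = [
  { id: "auth-1", userType: "human", createdAt: d("2019-01-01"), lastUsedAt: d("2019-06-01") }, // 64 idle days
  { id: "auth-2", userType: "human", createdAt: d("2019-07-20"), lastUsedAt: null }, // 15 days, kept
  { id: "auth-3", userType: "service", createdAt: d("2019-01-01"), lastUsedAt: d("2019-03-01") }, // not covered
  { id: "auth-4", userType: "human", createdAt: d("2019-05-01"), lastUsedAt: null }, // never used, 95 days
];
const SAMPLE_SECRETS: GrantSecret[] = [
  { id: "secret-a", createdAt: d("2019-04-01") }, // 125 days old, rotate
  { id: "secret-b", createdAt: d("2019-06-15") }, // 50 days old, kept
];
console.log(workerTick(SAMPLE_AUTHS, SAMPLE_SECRETS, NOW));
```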