aptible/aptible-cli

lifetime duration apparently not applied to login token expiry

Closed this issue · 7 comments

I specify 30 days in the login command but the output reports a 7-day lifetime.

Docs say: The duration the token should be valid for (example usage: 24h, 1d, 600s, etc.)

$ aptible login --lifetime=30d
Email:  me@example.com
Password:  
Token written to /home/me/.aptible/tokens.json
This token will expire after 7 days (use --lifetime to customize)

I don't know if this means it didn't affect the token, or that it didn't affect the output.

0.7.3

Hi,

We limit token expiry to 7 days server side when 2FA is enabled, so you won't be able to go over this.

Cheers,

@krallin then perhaps that should be indicated in the help text or output.

@smcoll Sure; I was hoping to help you out and answer your question here (since you seemed to be asking whether the token or the output was affected); I did not mean to imply this was ideal.

That being said, I think it's reasonable to expect that there's a limit to how long your token will be valid for (just as you'd expect your session not to last indefinitely when logging in to a website), so surely you'll agree it's reasonable for this not to be the highest priority here.

Cheers,

@krallin I have no opinion about the prioritization of the issue nor about limitations on the lifetime. Only about the user experience.

I don't have 2FA enabled for my account; what should be the expected behavior in that case?

> I don't have 2FA enabled for my account; what should be the expected behavior in that case?

I'm sorry, I misspoke, the 1 week limitation actually applies to all tokens. 2FA causes the default expiry of the token to change to 12 hours, but the actual limitation (1 week) doesn't change.

OK, so the default duration of 7 days is the max duration, and can be limited by the lifetime option.

Yes; unless you're using 2FA, in which case the default is 12 hours (increasing this is the raison d'être for this particular flag).
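
The lifetime rules stated in this thread (a 1 week cap on all tokens, a 7 day default, a 12 hour default with 2FA), written out as an added Ruby example that is not aptible-cli or Aptible server code. The function names and the accepted unit letters are assumptions; the output line also reports when a requested lifetime was capped, which is the gap the issue raises.

```ruby
# Added example with hypothetical names; not aptible-cli or Aptible server code.
# Policy values are the ones stated in the thread.
MAX_LIFETIME     = 7 * 86_400  # cap applied to every token: 1 week
DEFAULT_NO_2FA   = 7 * 86_400  # default without 2FA: 7 days
DEFAULT_WITH_2FA = 12 * 3600   # default with 2FA: 12 hours

# Assumed unit set; the docs quoted in the issue show 24h, 1d and 600s.
UNIT_SECONDS = { 's' => 1, 'm' => 60, 'h' => 3600, 'd' => 86_400 }.freeze

# Parse a string such as "24h", "1d" or "600s" into seconds.
def parse_lifetime(text)
  match = /\A(\d+)([smhd])\z/.match(text.to_s.strip)
  raise ArgumentError, "invalid lifetime: #{text.inspect}" unless match

  seconds = match[1].to_i * UNIT_SECONDS.fetch(match[2])
  raise ArgumentError, 'lifetime must be positive' unless seconds.positive?

  seconds
end

# Returns [effective_seconds, capped]; requested is nil when no flag was given.
def effective_lifetime(requested, two_factor:)
  return [two_factor ? DEFAULT_WITH_2FA : DEFAULT_NO_2FA, false] if requested.nil?

  seconds = parse_lifetime(requested)
  seconds > MAX_LIFETIME ? [MAX_LIFETIME, true] : [seconds, false]
end

# Render seconds in the largest unit that divides them evenly.
def humanize(seconds)
  unit, size = [['day', 86_400], ['hour', 3600], ['minute', 60], ['second', 1]]
               .find { |_, s| (seconds % s).zero? }
  count = seconds / size
  "#{count} #{unit}#{'s' unless count == 1}"
end

# Build the login output line, stating explicitly when the request was capped.
def expiry_message(requested, two_factor:)
  seconds, capped = effective_lifetime(requested, two_factor: two_factor)
  msg = "This token will expire after #{humanize(seconds)}"
  return msg unless capped

  "#{msg} (requested #{requested} exceeds the maximum of #{humanize(MAX_LIFETIME)})"
end

puts expiry_message('30d', two_factor: false) if __FILE__ == $PROGRAM_NAME
```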