Don't expire tokens by default

Question

Don't expire tokens by default

Opened this issue 9 years ago · 4 comments

We should provide an API for cycling tokens instead of expiring them after 14 days.

Answer 1 · 2016-03-02T14:48:48.000Z

It would be nice to have something like google where you have a token for each session and you can expire them individually

Answer 2 · 2016-03-02T16:11:43.000Z

What's the value in that, and how would that work?

Answer 3 · 2016-03-02T17:53:08.000Z

Value is you can track individual device sessions, so you know what was done by which device. As for implementing it, users could have_many session tokens, instead of just the one.

Answer 4 · 2016-03-02T18:49:44.000Z

That would be sweet actually, then we can manage authentication tokens within an engine model instead of shimming authentication_token onto the existing user model. Let's do that.