Password expiration
longrunningprocess opened this issue · 2 comments
longrunningprocess commented
broker should calculate a password expiration datetime (UTC) and return in a password_expires_at_utc property in the User object. Passwords should expire 1 year from the datetime of the last password change. Configurability will come later if needed.
Baggerone commented
Also, have the broker block authentication for users whose password expired more than 30 days ago. (At least that's how our current Idp is working.)
longrunningprocess commented
looks like we do want configurability of both an expiration time frame and grace period day one, they will default to 1 year and 30 days respectively. @fillup