Comment 22 for bug 1215627

Arun Kant (arukant) wrote :

I would also like to get this fixed. And from the above discussion, I cannot see what the final approach recommended for this issue is.

Is the plan to use the same token id with an updated expiry if a valid active token with matching scope exists for that user/client? That will work for the most part. One possible concern with this can be that a given token id can be re-used for multiples of the token expiry duration. Maybe we can limit this so that there is predictable behavior around this.

I mean, for successive authentication requests with the same credentials and scope, return the existing active token if there is one and extend the expiry (= current_time + expiry_duration). If the authentication request happens after one complete expiration (token_create_time + expiry_duration < current_time), issue a new token id; otherwise use the current active token. This way, the proliferation of token ids can be limited and a specific token_id will be valid for a maximum of 2 configured expiry durations.

I like the configurable approach so that it can be turned on based on operator preferences.
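The token-reuse policy proposed in the comment above, written out as an added Python example (this is not Keystone code and not the commenter's own; the `TokenIssuer` class, its method names, the `reuse_enabled` switch and the sample user/scope values are all assumptions made for illustration). It keys active tokens by (user, scope), slides the expiry on reuse, and issues a fresh id once a request arrives after `created_at + expiry_duration`, so no single token id can stay valid for longer than two configured durations:

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass
class Token:
    token_id: str
    created_at: float   # first issued at this time; never changes on reuse
    expires_at: float   # sliding expiry, extended on every reuse


class TokenIssuer:
    """Hypothetical issuer implementing 'reuse active token, bounded to 2x expiry'."""

    def __init__(self, expiry_duration: float, reuse_enabled: bool = True):
        # reuse_enabled models the operator-configurable switch the comment asks for
        self.expiry_duration = expiry_duration
        self.reuse_enabled = reuse_enabled
        self._active: dict[tuple[str, str], Token] = {}   # (user, scope) -> current token
        self._by_id: dict[str, Token] = {}                 # token_id -> token, for validation

    def issue(self, user: str, scope: str, now: float) -> Token:
        key = (user, scope)
        existing = self._active.get(key)
        if (
            self.reuse_enabled
            and existing is not None
            and now < existing.expires_at                            # still an active token
            and not (existing.created_at + self.expiry_duration < now)  # not past one full expiration
        ):
            # Same credentials and scope: hand back the same id with a refreshed expiry.
            existing.expires_at = now + self.expiry_duration
            return existing

        # Either reuse is off, nothing active, or one complete expiry has elapsed
        # since the id was first created: mint a new token id.
        token = Token(secrets.token_hex(16), created_at=now, expires_at=now + self.expiry_duration)
        self._active[key] = token
        self._by_id[token.token_id] = token
        return token

    def is_valid(self, token_id: str, now: float) -> bool:
        token = self._by_id.get(token_id)
        return token is not None and now < token.expires_at

    def max_lifetime(self, token_id: str) -> float:
        """Longest the given id could ever be valid: its current sliding expiry minus creation."""
        token = self._by_id[token_id]
        return token.expires_at - token.created_at


if __name__ == "__main__":
    # Constructed timeline with a one-hour expiry (values in seconds).
    issuer = TokenIssuer(expiry_duration=3600)
    first = issuer.issue("alice", "project-x", now=0)
    again = issuer.issue("alice", "project-x", now=3000)     # reuse, expiry slides to 6600
    boundary = issuer.issue("alice", "project-x", now=3600)  # exactly one duration: still reused
    fresh = issuer.issue("alice", "project-x", now=3601)     # past one duration: new id
    print(first.token_id == again.token_id == boundary.token_id, fresh.token_id != first.token_id)
    print("max lifetime of first id:", issuer.max_lifetime(first.token_id))  # 7200 = 2 * 3600
```

The bound comes from the two conditions together: the expiry can only slide while `now <= created_at + expiry_duration`, and each slide sets `expires_at = now + expiry_duration`, so the latest possible expiry is `created_at + 2 * expiry_duration`. Note that issuing a new id does not revoke the previous one here; it simply runs out on its own sliding expiry, which matches the comment's intent of limiting id proliferation rather than forcing re-authentication.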