jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0

Change default expiry for access token creation #1763

Open DavidRadoorHummel opened 1 year ago

DavidRadoorHummel commented 1 year ago

Hello,

When attempting to create an access token:

jf rt atc developeruser --expiry=5000 --server-id=devuser

If you're non-admin, you'll get the error:

{
  "error": "invalid_request",
  "error_description": "The user: 'developeruser' can only create user token with expires in larger than 0 and smaller than 3600 seconds (requested: 5000)"
}

This threshold of 3600 seconds seems arbitrarily defined and is not in reference to any system configuration in Artifactory. In this concrete example, developeruser can create identity tokens with a default expiry of 31 days (2,678,400 seconds).

In our use-case a max value of 3600 is worthless - is there a way to increase the threshold? Is there a setting in Artifactory that we somehow missed? Or is this a limitation of JFrog CLI?

Best regards,
David

gangefors commented 1 year ago

Please reevaluate the reason for having the max expiry access token value as a constant set to 3600 seconds.

There should be no reason to even limit this value in the CLI client since the Artifactory instance it is communicating with will limit expiry based on the system configuration.