search

ncsa / oa4mp

Open Authorization for MyProxy
https://oa4mp.org/
Other
7 stars 10 forks source link

Unused client cleanup deleting in-use clients #156

Closed bbockelm closed 2 months ago

bbockelm commented 7 months ago

In the scitokens-oauth2-server default configuration, we have the following:

        <unusedClientCleanup gracePeriod="6 hr"
                             deleteVersions="false"
                             enabled="true"
                             interval="4 hr">
          <whitelist>
             <clientID>localhost:template</clientID>
          </whitelist>
        </unusedClientCleanup>

The intent of this block is "if there is a client that has never been used, then delete it from the database". However, after testing, it appears that this simply deletes the clients after 6 hours (potentially it's after 6 hours of no use?).

jjg-123 commented 5 months ago

Superceded by Upkeep facility. See https://github.com/ncsa/security-lib/issues/34