Closed penberg closed 1 year ago
Right now the options for expiration are "none" and "default". If "none" is the new default, then what are the options going to be?
We do the current way because non-expiring tokens require extra care.
We could add a prompt or warning telling them that. I don't want a CLI cluttered with too many of those. But maybe we're not there yet.
The problem is that using an expiring token without realising it causes serious trouble. Switching a non-expiring token to an expiring one usually does not cause downtime. A token expiring in the middle of the night causes an incident.
So in fact expiring tokens require extra care, or you may experience downtime of your system and real loss for your business. Non-expiring tokens are less secure, but that's still better than your service/app suddenly stopping working. Unless we have refresh tokens, non-expiring tokens are probably what most people will be using. Manually refreshing tokens is just too much pain.
I don't see much downside in non-expiring tokens by default because you can always `turso db tokens invalidate` if you leak one.
@CodingDoug The options for `--expire` should probably be `never` (default) and some human-readable time duration, for example "7d" or something.
I was taking a look at this one, but after doing some tests, I think it depends on some changes in the API too, right?
I did a quick look there and I didn't find an issue about it, should I create it?
I created one here: https://github.com/chiselstrike/iku-turso-api/issues/385 @StefanoSaffran
People will run `turso db tokens create`, which expires by default. Let's make a non-expiring token by default.