Storage access tokens do not expire if accessTokenTTL is set to zero

Problem

Storage access tokens do not expire if you set the value of the syncplicity.storageVaultAuthentication.accessTokenTTL property to zero.

Cause

The time to live (TTL) period for authentication tokens was defined through the property syncplicity.storageVaultAuthentication.shortAccessTokenTTL in the /etc/syncp-storage/syncp-storage.yml file. A value of 0 (zero) for the property means that tokens do not expire. If syncplicity.storageVaultAuthentication.accessTokenTTL=0 is set, the authentication tokens will not expire, even if you change the value of the property later.

Solution

Do not set the values of properties syncplicity.storageVaultAuthentication.accessTokenTTL and syncplicity.storageVaultAuthentication.refreshTokenTTL to zero.
To expire all previously issued tokens, edit the /etc/syncp-storage/syncp-storage.yml file and change one of the following properties:

  • Change the key that is used to sign SVA Tokens. The path to the key is set in the property syncplicity.storageVaultAuthentication.keyFile.
  • Change the value of the property syncplicity.storageVaultAuthentication.tokenEmission. The value of this property is used as a salt for every issued Storage Access and Storage Refresh token, so all tokens issued with a different salt become invalid whenever you change this value.
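
Why a later TTL change does not affect tokens issued while the TTL was zero, and why changing the signing key or the tokenEmission salt does, shown with a generic HMAC-signed token model. This is an added example, not Syncplicity code: the token layout, the names issue, verify and demo, and the assumption that the expiry is fixed when the token is issued are all illustrative.

```python
import base64, hashlib, hmac, json

# Generic HMAC-signed token model (an assumption for illustration; this is
# not Syncplicity's token format). Expiry is fixed when the token is issued.

def _sign(key: bytes, salt: str, payload: bytes) -> str:
    # The salt (playing the role of tokenEmission) is mixed into the MAC.
    return hmac.new(key, salt.encode() + b"." + payload, hashlib.sha256).hexdigest()

def issue(key: bytes, salt: str, subject: str, ttl: int, now: int) -> str:
    # ttl == 0 means "never expires": no expiry is written into the token.
    claims = {"sub": subject, "exp": now + ttl if ttl > 0 else None}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(key, salt, payload)

def verify(key: bytes, salt: str, token: str, now: int) -> bool:
    payload, _, sig = token.partition(".")
    expected = _sign(key, salt, payload.encode())
    if not hmac.compare_digest(expected, sig):
        return False  # signed with a different key or a different salt
    exp = json.loads(base64.urlsafe_b64decode(payload))["exp"]
    return exp is None or now < exp

def demo() -> dict:
    # Constructed sample values: key, salts, subjects and timestamps.
    key, salt, t0 = b"constructed-demo-key", "emission-1", 1_000
    forever = issue(key, salt, "alice", ttl=0, now=t0)    # issued while TTL was 0
    bounded = issue(key, salt, "bob", ttl=3600, now=t0)   # issued with a real TTL
    later = t0 + 10 * 365 * 86400                         # ten years later
    return {
        # Still accepted: nothing in the token records an expiry.
        "ttl0_valid_later": verify(key, salt, forever, later),
        "bounded_valid_later": verify(key, salt, bounded, later),
        # Rejected once the salt or the signing key changes.
        "ttl0_after_salt_change": verify(key, "emission-2", forever, later),
        "ttl0_after_key_change": verify(b"rotated-demo-key", salt, forever, later),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model, changing the salt or the key also invalidates tokens that carried a normal TTL, so clients must re-authenticate after the change.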
