Syncplicity Support

Search our knowledgebase to get the help you need, today

Follow

Storage access tokens do not expire if accessTokenTTL is set to zero

Problem

Storage access tokens do not expire if you set the value of the syncplicity.storageVaultAuthentication.accessTokenTTL property to zero.

Cause

The time to live (TTL) period for authentication tokens was defined through property syncplicity.storageVaultAuthentication.shortAccessTokenTTL in the /etc/syncp-storage/syncp-storage.yml file. Value 0 (zero) set to the property means no expiration for tokens. If it is set at syncplicity.storageVaultAuthentication.accessTokenTTL=0, the authentication tokens will not expire, even if you change the value of the property later.

Solution

Do not set the values of properties syncplicity.storageVaultAuthentication.accessTokenTTL and syncplicity.storageVaultAuthentication.refreshTokenTTL to zero.
To expire all previously issued tokens, edit the /etc/syncp-storage/syncp-storage.yml file and change one of the following properties:

  • Change the key which is used to sign SVA Tokens. Path to the key is set in property syncplicity.storageVaultAuthentication.keyFile.
  • Change the value of property syncplicity.storageVaultAuthentication.tokenEmission as the value of this property is used as a salt for every issued Storage Access and Storage Refresh token, all previously used tokens become invalid. All tokens issued with a different salt will become invalid whenever you change this value.
Powered by Zendesk