Problem
Storage access tokens do not expire if you set the value of the syncplicity.storageVaultAuthentication.accessTokenTTL
property to zero.
Cause
The time to live (TTL) period for authentication tokens was defined through property syncplicity.storageVaultAuthentication.shortAccessTokenTTL
in the /etc/syncp-storage/syncp-storage.yml
file. Value 0 (zero) set to the property means no expiration for tokens. If it is set at syncplicity.storageVaultAuthentication.accessTokenTTL=0
, the authentication tokens will not expire, even if you change the value of the property later.
Solution
Do not set the values of properties syncplicity.storageVaultAuthentication.accessTokenTTL
and syncplicity.storageVaultAuthentication.refreshTokenTTL
to zero.
To expire all previously issued tokens, edit the /etc/syncp-storage/syncp-storage.yml
file and change one of the following properties:
- Change the key which is used to sign SVA Tokens. Path to the key is set in property
syncplicity.storageVaultAuthentication.keyFile
. - Change the value of property
syncplicity.storageVaultAuthentication.tokenEmission
as the value of this property is used as a salt for every issued Storage Access and Storage Refresh token, all previously used tokens become invalid. All tokens issued with a different salt will become invalid whenever you change this value.