Hi, I am not seeing documentation that indicates what unit sonar.auth.token.max.allowed.lifetime should be. What unit is used? What is the expected value format? Seconds? Hours? Days? Something like the string 6mo?
Hey there.
This setting can only be configured via the UI, where the options are laid out pretty clearly.
This is not configurable outside these options.
If you are configuring this setting via the Web API, you would use a string (30 days, 90 days, 1 year, or No expiration) as the value provided to POST api/settings/set
That’s unfortunate for customers. We have the same need as JamesFromSiemens: to be able to specify our own value for token lifetime due to security policies. The “canned” set of values do not meet our requirements. There’s a weird “3 months” choice (???) and then a jump to “1 year”. We need a “6 months” choice at least, please, just likes the person linked above. I guess there’s some reason somewhere as to why this is being treated differently than something like sonar.web.sessionTimeoutInMinutes in sonar.properties.
EDIT: And thank you for the reply
@jblaine I don’t disagree with you, and to be frank I brought this up when we first implemented expiration dates for tokens (all the DevOps platforms we integrate with: GitHub, GitLab, Bitbucket, and Azure DevOps, all allow custom expiration dates, why don’t we?).
I will pass your feedback along and I hope it starts to gain some traction!
1 Like