Generate Expirable Tokens

JFrog Platform Administration Documentation


Important

When creating a token, if the token expiry is set to a value smaller than the revocable-expiry-threshold parameter specified in the Access YAML Configuration, the token will be non-revocable. By default, the value of the revocable-expiry-threshold parameter is set to 6 hours.

For example, if you set an expiry that is less than 6 hours, the token will not be revocable until it expires naturally.

You can limit the validity period of a token by setting the expiry time when generating the token. If set, the token will be valid until the expiration time passes.

You can also set a token to be non-expirable by setting the expiry to zero, in which case it will be valid indefinitely until actively revoked.

This value is set by using the "expires_in=<VALUE_IN_SECONDS>" parameter when generating the token (see example in REST API section below). If the parameter is not used, the default value is 3600, meaning your token will be valid for one hour.

Artifactory Administrator Only

  • Only an Artifactory administrator can change the validity period of a token to any value.

  • Non-admin users can only set the token validity period to a value that is equal to or less than the maximum allowed value set by the admin.

  • From version 7.21.1, this can be specified by setting the token.max-expiry parameter in the $JFROG_HOME/artifactory/var/etc/artifactory/access.config.latest.yml file (prior to version 7.21.1, the parameter to set was artifactory.access.token.non.admin.max.expires.in).

  • If the token.max-expiry is equal to 0 (which is the default), there is no limitation to the token expiry. However, if the maximum expiry is greater than 0, the user cannot create a non-expirable token.

  • The token.max-expiry parameter must be set to a value higher than the token.default-expiry parameter value.
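
The expiry rules above interact, so the following added example (not JFrog code and not part of the original documentation) models them as a small decision function you can use to review token requests or settings before applying them. The names `Policy` and `evaluate` are hypothetical, and the two points marked as assumptions in the comments are readings of this page rather than confirmed product behavior.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical container for the three settings this page names (seconds)."""
    revocable_expiry_threshold: int = 6 * 3600  # page default: 6 hours
    default_expiry: int = 3600                  # used when expires_in is omitted
    max_expiry: int = 0                         # token.max-expiry; 0 = no limit

def evaluate(expires_in, is_admin, policy=None):
    """Model how a requested expires_in is treated under the rules on this page.

    expires_in=None means the parameter was omitted. Returns a dict with
    allowed, effective_expiry, revocable and reason.
    """
    policy = policy or Policy()
    # The page requires max-expiry to be higher than default-expiry.
    # Assumption: the default of 0 ("no limit") is exempt from that rule.
    if 0 < policy.max_expiry <= policy.default_expiry:
        raise ValueError("token.max-expiry must be higher than token.default-expiry")
    effective = policy.default_expiry if expires_in is None else expires_in
    if effective < 0:
        raise ValueError("expires_in must be zero or a positive number of seconds")

    def result(allowed, revocable, reason):
        return {"allowed": allowed, "effective_expiry": effective,
                "revocable": revocable, "reason": reason}

    # Assumption: the max-expiry limits bind non-admin users only, since the
    # page lets an administrator set the validity period to any value.
    if not is_admin and policy.max_expiry > 0:
        if effective == 0:
            return result(False, None, "non-expirable token not allowed when max-expiry > 0")
        if effective > policy.max_expiry:
            return result(False, None, "requested expiry exceeds token.max-expiry")
    if effective == 0:
        return result(True, True, "non-expirable; valid until actively revoked")
    if effective < policy.revocable_expiry_threshold:
        return result(True, False, "expiry below revocable-expiry-threshold; cannot be revoked")
    return result(True, True, "expirable and revocable")

if __name__ == "__main__":
    # Constructed requests: omitted expiry, 12 hours, and never-expiring.
    for req in (None, 12 * 3600, 0):
        print(req, evaluate(req, is_admin=False, policy=Policy(max_expiry=86400)))
```

With the default values stated on this page, omitting `expires_in` yields a one-hour token, which is below the 6-hour threshold and is therefore reported as non-revocable.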