To keep JFrog access tokens as secure as possible, JFrog ships with a few pre-configured values that ensure tokens are managed and can only be used for their intended purposes:
Scope: If the token scope is a user or a group, you must ensure that that user or group exists on all servers in the circle of trust.
Revocability: For security purposes, the JFrog Platform is deployed with default configurations that set every token to be revocable. However, revocable tokens do not work in a circle of trust. This is because revocable tokens are validated against the Access database, and with a circle of trust each instance has its own database. Therefore, a token created in one instance cannot be validated against the database of another: the system assumes the token has been revoked, and the authentication fails.
To ensure tokens are non-revocable, use expiration thresholds in one of the following ways:
On each server, give the token used for the Circle of Trust an expiry that is less than the value of the revocable-expiry-threshold parameter in the access.config.yaml file.
On all servers in the Circle of Trust, set revocable-expiry-threshold to -1 in the access.config.yaml file. This parameter value makes all tokens with a defined expiry non-revocable. This is easier to implement and maintain, but it is less secure (for example, if the expiry is set to years).
For consistent, reciprocal authentication with either method, define the same value for revocable-expiry-threshold on all servers in the Circle of Trust.
Note
To enable the use of revocable tokens in a Circle of Trust, set up Access Federation in your environment.
Token type: The following types of tokens are not supported in a Circle of Trust:
Reference tokens: these always require the token to be present in the instance's database.
UI-generated tokens: Tokens created via the User Profile page are reference tokens and are not supported in a circle of trust.
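The revocability rules and the token-type restrictions above, as an added pre-flight check written for this page (not JFrog's own code): it reads the exp and iat claims of a JWT-format access token, compares the lifetime with revocable-expiry-threshold, and flags anything that is not a JWT as a reference token that other instances cannot validate. Assumed: the threshold and the claims are in seconds; the sample tokens are constructed, unsigned placeholders, and the check does not verify signatures, which remains the server's job.

```python
import base64
import json

# Rules from the page: a token with a defined expiry is non-revocable when its lifetime is
# below revocable-expiry-threshold, or when the threshold is -1. Only non-revocable JWTs
# are accepted by instances other than the issuer. Assumed units: seconds.

def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str):
    """Return the claims of a three-segment JWT, or None for anything else
    (an opaque reference token, for instance)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        return json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None

def circle_of_trust_ready(token: str, revocable_expiry_threshold: int) -> tuple[bool, str]:
    """Classify a token as usable (True) or not (False) across a circle of trust."""
    claims = jwt_claims(token)
    if claims is None:
        return False, "not a JWT: reference tokens are only known to the issuing instance"
    if "exp" not in claims:
        return False, "no expiry: the token is revocable and other instances cannot validate it"
    if "iat" not in claims:
        return False, "no iat claim: the lifetime cannot be compared with the threshold"
    lifetime = claims["exp"] - claims["iat"]
    if revocable_expiry_threshold == -1:
        return True, f"threshold is -1: every token with an expiry is non-revocable ({lifetime}s)"
    if lifetime < revocable_expiry_threshold:
        return True, f"lifetime {lifetime}s is below the threshold of {revocable_expiry_threshold}s"
    return False, f"lifetime {lifetime}s is not below the threshold of {revocable_expiry_threshold}s"

def thresholds_consistent(thresholds_by_server: dict) -> bool:
    """Every server in the circle must configure the same revocable-expiry-threshold."""
    return len(set(thresholds_by_server.values())) == 1

def sample_jwt(claims: dict) -> str:
    """Constructed, unsigned sample for the demo; real tokens are signed by the issuer."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"

if __name__ == "__main__":  # constructed demo tokens against a 6-hour threshold (seconds)
    for tok in (sample_jwt({"iat": 1700000000, "exp": 1700003600}), "opaque-reference-token"):
        print(circle_of_trust_ready(tok, 21600))
```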
Limitations
By default, only the issuing instance can refresh a token. For synchronizing tokens across services, see Access Federation.