To keep JFrog access tokens as secure as possible, the JFrog Platform ships with pre-configured defaults that ensure tokens are managed and can only be used for their intended purpose. In a Circle of Trust, the following constraints apply:
Scope: If the token scope is a user or a group, that user or group must exist on every server in the Circle of Trust; a receiving instance that does not know the principal has nothing to apply the token's permissions to.
Revocability: For security purposes, the JFrog Platform is deployed with default configurations that make every token revocable. However, revocable tokens do not work in a Circle of Trust. Revocable tokens are validated against the Access database, and in a Circle of Trust each instance has its own database. A token created on one instance therefore cannot be validated against the database of another instance: the receiving instance assumes the token has been revoked, and authentication fails.
Token type: The following types of tokens are not supported in a Circle of Trust:
Reference tokens: not supported, because validating a reference token always requires looking it up in the issuing instance's database.
UI-generated tokens: tokens created via the User Profile page are reference tokens and are therefore not supported either.
Duration: Because tokens used in a Circle of Trust must be non-revocable, they must have an expiry that is shorter than the revocable-expiry-threshold parameter set in access.config.yaml (the default value is shown in that file). This threshold accepts the special value -1: when set, every token that has an expiry becomes non-revocable, regardless of how long the expiry is. That is more convenient in a Circle of Trust but less secure, because the expiry can then be set for years and such a token cannot be revoked before it elapses.
By default, only the issuing instance can refresh a token. For synchronizing tokens across services, see Access Federation.
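The constraints above can be checked before a token is handed to a pipeline that talks to several members of the circle. The following Python script is an added example written for this page; it is not JFrog's code and does not call the JFrog API. It decodes a JWT access token's claims without verifying the signature (inspection only; the Access service does the real verification), rejects reference tokens, compares the token's lifetime with an assumed revocable-expiry-threshold (the constant below is a placeholder, not the real default, which is in access.config.yaml), honours the special value -1, and verifies that the token's user or groups exist on every server in a constructed inventory. The reference-token prefix, the `sub`/`scp` claim layouts and the sample tokens are assumptions and constructed data, not values taken from the page.

```python
import base64
import json

# Assumed placeholder for illustration only: the real default of
# revocable-expiry-threshold is the value in access.config.yaml.
DEFAULT_THRESHOLD_SECONDS = 3600

# Assumption about the wire format: reference tokens are short opaque strings
# whose base64 prefix decodes to "reftkn"; full access tokens are JWTs.
REFERENCE_TOKEN_PREFIX = "cmVmdGtu"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def is_reference_token(token: str) -> bool:
    return token.startswith(REFERENCE_TOKEN_PREFIX)


def unverified_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT checking the signature.
    Inspection only: never use this to make an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT access token")
    return json.loads(_b64url_decode(parts[1]))


def principal_from_claims(claims: dict):
    """Return ('user', [name]) or ('groups', [names]) from sub/scp claims.
    The claim layouts are assumptions used by the constructed samples."""
    scp = claims.get("scp", "")
    scopes = scp if isinstance(scp, list) else scp.split()
    for scope in scopes:
        if scope.startswith("applied-permissions/groups:"):
            return "groups", scope.split(":", 1)[1].split(",")
    sub = claims.get("sub", "")
    if "/users/" in sub:
        return "user", [sub.rsplit("/users/", 1)[1]]
    return None


def circle_of_trust_problems(token: str, servers: dict,
                             threshold: int = DEFAULT_THRESHOLD_SECONDS) -> list:
    """servers maps each circle member to {"users": set, "groups": set}.
    Returns the reasons a non-issuing instance would reject the token;
    an empty list means the token satisfies every constraint checked here."""
    if is_reference_token(token):
        return ["reference token: requires lookup in the issuing instance's database"]
    claims = unverified_claims(token)
    problems = []

    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None:
        # Even with threshold -1 only tokens that HAVE an expiry become non-revocable.
        problems.append("no expiry: token is always revocable")
    elif threshold != -1 and iat is not None and exp - iat >= threshold:
        problems.append(f"expiry {exp - iat}s >= revocable-expiry-threshold "
                        f"{threshold}s: token is revocable")

    principal = principal_from_claims(claims)
    if principal:
        kind, names = principal
        key = "users" if kind == "user" else "groups"
        for server, inventory in servers.items():
            missing = [n for n in names if n not in inventory.get(key, set())]
            if missing:
                problems.append(f"{kind} {', '.join(missing)} missing on {server}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Constructed sample: JWT-shaped with a placeholder signature.
    It is not a valid JFrog token; it only exercises the claim checks."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


# Constructed inventory of two circle members (not real servers).
SAMPLE_SERVERS = {
    "art-east": {"users": {"ci-bot", "admin"}, "groups": {"readers", "deployers"}},
    "art-west": {"users": {"admin"}, "groups": {"readers"}},
}

if __name__ == "__main__":
    short_lived = make_sample_token({"sub": "jfac@01abc/users/ci-bot",
                                     "scp": "applied-permissions/user",
                                     "iat": 1700000000, "exp": 1700001800})
    for problem in circle_of_trust_problems(short_lived, SAMPLE_SERVERS):
        print("REJECT:", problem)
```

The threshold comparison uses `exp - iat`, i.e. the lifetime requested when the token was issued, which is what the threshold is compared against; a token that passes every check here can still be rejected by an instance whose signing-key trust is not configured, so treat this as a pre-flight check, not a substitute for testing against the circle itself.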