To make JFrog access tokens as secure as possible, there are a few values that JFrog pre-configures out of the box to ensure that tokens are managed correctly and can only be used for their intended purposes:
Scope: If the token scope is a user or a group, you must ensure that that user or group exists on all servers in the circle of trust.
Revocability: For security purposes, the JFrog Platform is deployed with default configurations that set every token to be revocable. However, revocable tokens do not work in a circle of trust, because revocable tokens are validated against the Access database, and in a circle of trust each instance has its own database. Therefore, a token created in one instance cannot be validated against the database of another: the system will assume the token has been revoked, and authentication will fail.
Note
To enable the use of revocable tokens in a Circle of Trust, set up Access Federation in your environment.
Token type: The following types of tokens are not supported in a Circle of Trust:
Reference tokens: these always require the token to be present in the issuing instance’s database.
UI-generated tokens: Tokens created via the User Profile page are reference tokens and are not supported in a circle of trust.
Duration: Because the supported tokens must be non-revocable, Circle of Trust tokens must have an expiry that is less than the revocable-expiry-threshold parameter set in access.config.yaml (you can see the default value in that file). Be aware that this threshold has a special value, -1: when it is set, all tokens that have an expiry become non-revocable. This setting is more convenient in a Circle of Trust, but it is less secure, as the expiry might be set for years.
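The rules above can be turned into a pre-flight check that tells you, before a token is issued, whether it would fail on a peer instance. The following is an added example, not JFrog code: the rule for the -1 value and the parameter name are taken from the text, while the threshold value 21600, the instance names and the user/group lists are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Special value of revocable-expiry-threshold (from the text): every token
# that has an expiry becomes non-revocable.
NO_THRESHOLD = -1

@dataclass
class TokenRequest:
    subject: str                       # user the token is issued for
    expires_in: Optional[int]          # seconds; None = never expires
    groups: List[str] = field(default_factory=list)  # group scope, if any
    reference_token: bool = False      # reference / UI-generated tokens

def is_revocable(expires_in: Optional[int], threshold: int) -> bool:
    """A token is revocable unless its expiry is shorter than the threshold.
    With threshold -1 every token that has an expiry is non-revocable; a token
    with no expiry is assumed (not stated on the page) to stay revocable."""
    if expires_in is None:
        return True
    if threshold == NO_THRESHOLD:
        return False
    return expires_in >= threshold

def circle_of_trust_problems(req: TokenRequest, threshold: int,
                             principals: Dict[str, Set[str]]) -> List[str]:
    """principals maps each instance in the circle to the users and groups it
    knows. Returns the reasons the token would be rejected by a peer; empty
    list means the token is usable across the circle."""
    problems = []
    if req.reference_token:
        problems.append("reference tokens need the issuing instance's database")
    if is_revocable(req.expires_in, threshold):
        problems.append(f"revocable: expiry {req.expires_in} is not below "
                        f"threshold {threshold}")
    # Scope check: the user and every group must exist on all instances.
    for name in [req.subject, *req.groups]:
        missing = sorted(i for i, known in principals.items() if name not in known)
        if missing:
            problems.append(f"{name!r} does not exist on {', '.join(missing)}")
    return problems

def main():
    # Constructed circle: the 'readers' group was never created on art-us.
    principals = {"art-eu": {"ci-bot", "readers"}, "art-us": {"ci-bot"}}
    short = TokenRequest("ci-bot", expires_in=3600)
    long_scoped = TokenRequest("ci-bot", expires_in=7 * 24 * 3600, groups=["readers"])
    for req in (short, long_scoped):
        print(req, circle_of_trust_problems(req, 21600, principals))

if __name__ == "__main__":
    main()
```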
Limitations
By default, only the issuing instance can refresh a token. For synchronizing tokens across services, see Access Federation.