Recommended Configurations

JFrog REST APIs

The following settings in ‘access.config.yml’ apply the configuration changes required for the API.

Note

  • If expiry is forced but expires_in was not provided in the request, the default expiry is applied.

  • An admin can restrict the refreshability of user identity tokens (i.e., disallow creating them as refreshable).

default-expiry

  • The default expiry period, in seconds. This is the token expiry when the expiry is set to null.

  • When set to zero, default expiry is not forced.

  • Must be non-negative.

  • Must comply with ('max-expiry' >= 'default-expiry').

  • Default value: 1 year

max-expiry

  • The maximum possible expiry of non-admin tokens.

  • When the value is greater than zero, non-expirable tokens are forbidden and the user's token expiry is limited to the max expiry value.

  • When the value is zero, the user's token can be non-expirable and the token’s expiry has no upper bound.

  • Must be non-negative.

  • Must comply with ('max-expiry' >= 'default-expiry').

  • Default value: 0

allow-refreshable

  • When disabled, all user tokens are created as non-refreshable.

  • Default: true

‘access.config.yml’ Example:

token:
  default-expiry: 31536000
  max-expiry: 0
  allow-refreshable: true
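
The rules above, modelled in Python as an added example (not JFrog code): audit() checks a 'token' section against the stated constraints and lists the settings that permit long-lived tokens, and effective_expiry() shows which expiry a non-admin request ends up with. The function names, the dict input, the finding labels, and the two behaviours marked as assumptions in the comments are not from the original page.

```python
# Added example: models the token expiry rules described on this page; not JFrog code.
DEFAULTS = {"default-expiry": 31536000, "max-expiry": 0, "allow-refreshable": True}

def audit(token_cfg):
    """Return findings for the 'token' section of access.config.yml, given as a dict."""
    c = {**DEFAULTS, **token_cfg}
    d, m = c["default-expiry"], c["max-expiry"]
    findings = []
    if d < 0 or m < 0:
        findings.append("invalid: expiry values must be non-negative")
    # Assumption: 'max-expiry' >= 'default-expiry' is enforced only when max-expiry > 0,
    # since the documented defaults (1 year and 0) would otherwise break the rule.
    if m > 0 and d > m:
        findings.append("invalid: default-expiry exceeds max-expiry")
    if m == 0:
        findings.append("exposure: max-expiry is 0, non-expiring user tokens are permitted")
    if d == 0:
        findings.append("exposure: default-expiry is 0, no expiry is forced by default")
    if c["allow-refreshable"]:
        findings.append("exposure: user tokens can be created as refreshable")
    return findings

def effective_expiry(token_cfg, expires_in=None):
    """Expiry in seconds for a non-admin token request; None means non-expiring."""
    c = {**DEFAULTS, **token_cfg}
    d, m = c["default-expiry"], c["max-expiry"]
    if expires_in is None and d > 0:
        expires_in = d  # forced default when the request omits expires_in
    if m > 0:
        # Non-expiring tokens are forbidden here.
        # Assumption: an omitted or larger value is capped at max-expiry, not rejected.
        return m if expires_in is None else min(expires_in, m)
    return expires_in  # max-expiry 0: no upper bound

if __name__ == "__main__":
    # Constructed sample configurations (values chosen for illustration).
    samples = {
        "documented defaults": {},
        "short-lived": {"default-expiry": 86400, "max-expiry": 2592000,
                        "allow-refreshable": False},
        "inconsistent": {"default-expiry": 7200, "max-expiry": 3600},
    }
    for name, cfg in samples.items():
        print(name, "->", audit(cfg) or "no findings",
              "| expiry without expires_in:", effective_expiry(cfg))
```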