Hey guys,
We’ve got a few consumers of our API stack internally, but the main one is a heavy user. Up to this point, I’ve always issued them a “permanent” API token, but a security audit has flagged this as a risk item.
Ideally, we’d want to have short-lived tokens (1-7 days) requested by the external application, but from what I’ve seen there is no setting to enforce this - the grant endpoint will let them set 5200 days if they request it via the lifespanDays parameter.
Is there an override setting in appsettings.json available for this? If not, I can open an enhancement for it.
Product: PowerShell Universal
Version: 4.2.21