Comments (1)
Under normal circumstances, rows in `hydra_oauth2_access` are not deleted within 5 minutes, as the default expiry for access tokens is at least an hour. Depending on the cleanup strategy (e.g. using Ory Hydra Janitor), one can choose how much time should pass before these stale records are removed.
Cockroach TTL is in our view not the best solution here as our SQL migrations are immutable files. Operators however want to choose how long they want to keep these records on file as it is often used in forensic investigations around account takeover (Answering: "who issued which token at what time and used it for what?"). Since we don't know how long these records should be kept, we can't set a fixed time for TTL, which would be the case with row level TTL. I'm sure there is a way to engineer around this, but we believe that the Janitor is good enough even for larger-scale environments.
from hydra.
Related Issues (20)
- `Dockerfile`: Remove `VOLUME` instruction
- `Dockerfile`: Remove `/etc/nsswitch.conf` workaround
- Configure sensitive fields that should be redacted
- Cannot sign up twice from the same client
- Reading cookie in cross-site context will be blocked in future Chrome versions
- Add tracing headers (or cookies) to the "User login and consent flow" so login service and ui service can link their traces to hydra's traceparent
- quickstart 5-min fails: permission denied
- cli: add access token strategy parameter
- Calling end_session_endpoint with id_token_hint errors when JWK is rotated
- UPGRADE.md is outdated and linked in release communications for 2.2
- Cannot exchange external OIDC ID token for Hydra access token due to `aud` claim handling in Hydra
- cli: add `--id` parameter to the `create oauth2-client` command
- Assertions may be reused & dead lock
- Add `prompt=create` alias for `prompt=registration`
- Add scope strategy allowing different separator for prefixes, resources and verbs
- Deletes are not getting committed on CockroachDB
- /admin/oauth2/auth/requests/login returns 200 instead of 410 for a used login_challenge
- Not able to perform simultaneous auth flows with the same client
- FATAL: no pg_hba.conf entry for host "xxx", user "hydra", database "hydra", no encryption (SQLSTATE 28000))