> * What is the expiration period? Or, can we set the expiration date ourselves?
What expiration do you mean? The buildroot override setting that save_override() gives access to is really unrelated to authentication and you probably don't need it if you didn't need it before. If you mean when OpenID auth will be removed from the server, I'm not sure. I guess we can give something like 6 months for people to upgrade to OIDC, but if there are blockers with this upgrade I'd be happy to help make the transition. > * Can we use multiple tokens in parallel to ease the transition before the > expiration? Or, in other words, is the token revoked once we generate a new > one? If not, can we revoke it? Yes, you can have multiple tokens. To remove a token, I don't have a clear procedure, I'd need to have a look at Ipsilon's docs/code to see how it should be done. Basically when you login you get two tokens, one "access token" and one "refresh token". The access token is short lived (like an hour I think) and is what the bodhi client will transmit to the bodhi server. When it expires, the bodhi client will send the "refresh token" to ipsilon to get a new access token. The refresh token is long-lived (months I think), but will only be communicated to ipsilon, not to Bodhi or any other apps. When the refresh token expires, the bodhi client will ask the user to re-authenticate. There is currently no process to automate that as far as I can tell, so you may need to update the JSON file a couple times a year (I'm not sure how long those tokens live in prod, I need to check). It's somewhat like renewing a certificate. Cheers! Aurélien _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
