The GitHub Actions job "CodeQL" on ofbiz-framework.git/trunk has failed.
Run started by GitHub user asfgit (triggered by asfgit).

Head commit for run:
88c5106fef4e80cf089ed1ba0f00ae7026df0d15 / Jacques Le Roux 
<jacques.le.r...@les7arts.com>
Improved: Authentication refresh token mechanism feature (OFBIZ-13212)

The refresh token validity is set to 84,600 seconds, i.e. almost a day (23,5 
hours).
That sounds too much to me. I believe 8 hours, or even less, would be enough.
People are rarely straight working more on Single-Page Applications (SPAs)
or mobile applications, which are mostly what the consumers of ID tokens do
as explained by
https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#Token-Types

For security reasons, this sets security.jwt.refresh.token.expireTime to 28800
seconds, i.e. 8 hours.

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/14690175379

With regards,
GitHub Actions via GitBox
