Developer Tokens - Auto Expire?

LiamKenyon

The issue

Do developer tokens expire? As I'd like if possible a way to make them expire after X amount of time or the ability to delete all etc...

Just from a security standpoint if one developer token was leaked we could delete them all etc...

clarkwinkelmann

Developer tokens don't expire, but can be manually deleted from the security page of the user settings.

The extension API exists to create new kinds of tokens, so an extension could absolutely provide tokens with either a fixed or customizable expiration date.

If you have a use case for short-lived tokens, you might want to hit the Flarum REST API and manually create a regular session token that will expire in a few hours if it stops being used https://docs.flarum.org/rest-api#access-tokens