API token expiry warning emails #8154
Comments
Turbo87
added
C-enhancement ✨
I haven't seen this feature on other products and platforms. Do you have any examples we can refer to? Are you working on this? If not, do you mind me to take it and help implement it? |
can't think of one, but what I have in mind is a "Duplicate" button on each of the existing tokens that would take you to the "Create API token" page with the scopes from the other token filled in and a name of e.g. "XXX (Copy)".
Sure, go ahead! :) |
|
I'll follow up with the infra team on Zulip in regards to hardening our DMARC and SPF configurations in preparation for sending these emails. 🙂 |
|
I was too busy last week, but I will begin working on the design and implementation this week. |
GitHub has this feature, for instance: 
|
Some time last year we introduced optional expiration periods for API tokens. One caveat of the existing system is that users don't get notified when their tokens expire and they have to proactively monitor this if they use expiration.
In our team meeting on Friday we discussed how we could improve the situation and one idea was to automatically send out warning emails when an API token expires.
As #6664 (comment) states, such emails are seen as a requirement before we can change the default expiration setting on the API token creation page.
A couple of open questions:
In terms of implementation:
api_tokenstable.api_tokenstable for tokens that have expired (or are going to expire) and where a warning has not been sent yet, and then sends out such a warning email.The text was updated successfully, but these errors were encountered: