Skip to content

Expire authentication tokens #7140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 9, 2025
Merged

Expire authentication tokens #7140

merged 1 commit into from
Sep 9, 2025
+118 −24

Conversation

link2xt
Copy link
Collaborator

@link2xt link2xt commented Aug 30, 2025
edited
Loading

Based on #7116.
Depends on #7176
Closes #7111

Currently we have tokens table which stores invite tokens and auth tokens. Tokens are indexed by foreign_key (group ID or empty string in case of contact setup QR codes) and normally there is only one token unless token has been synced from another device.

With this change we generate a new auth codes each time QR code is shown. Each auth token has a timestamp, and 10 minutes later it is considered expired. Expired auth token still works for joining groups, but does not result in verification on Alice's side.

To clean up auth tokens eventually we have a PR #7176 that changes how we reset QR codes. Once one QR code is reset, all related tokens are removed.

@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from 701dafe to 30a434b Compare August 31, 2025 20:28
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 2 times, most recently from e8ff198 to 071b35a Compare August 31, 2025 20:33
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch 2 times, most recently from b6d01bd to 0b8c3ca Compare September 1, 2025 15:01
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 2 times, most recently from 54eb0b1 to 18c5fb0 Compare September 1, 2025 15:58
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch 2 times, most recently from 904e5a3 to d8c237b Compare September 1, 2025 16:16
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 18c5fb0 to 3e6c621 Compare September 1, 2025 16:16
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from d8c237b to 6d9ce24 Compare September 1, 2025 16:28
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 2 times, most recently from 0310a22 to 1e9c0e9 Compare September 1, 2025 16:56
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from 6d9ce24 to b91322a Compare September 1, 2025 16:56
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 1e9c0e9 to 9af5cbe Compare September 1, 2025 20:48
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch 2 times, most recently from 49f6b8d to 83a9265 Compare September 2, 2025 01:38
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 9af5cbe to 2c3004d Compare September 2, 2025 01:38
@link2xt link2xt mentioned this pull request Sep 2, 2025
Closed
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 2c3004d to 5d35ac2 Compare September 2, 2025 18:30
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch 2 times, most recently from 45c2c57 to 8886ac4 Compare September 2, 2025 19:28
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 2 times, most recently from 6f67e0e to cb19c82 Compare September 2, 2025 19:59
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from 8886ac4 to c64ea59 Compare September 2, 2025 19:59
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from cb19c82 to 297d6aa Compare September 2, 2025 20:09
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from c64ea59 to 9086f0f Compare September 2, 2025 20:09
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 297d6aa to d69155e Compare September 2, 2025 20:14
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from 9086f0f to 1871031 Compare September 2, 2025 20:14
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from d69155e to 273c547 Compare September 2, 2025 22:06
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from 1871031 to f5d3f7f Compare September 2, 2025 22:47
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 4 times, most recently from 0f1c10f to 10b2b85 Compare September 3, 2025 03:48
@link2xt link2xt mentioned this pull request Sep 4, 2025
Merged
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 10b2b85 to b09bf6c Compare September 4, 2025 19:28
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch 2 times, most recently from 4b85764 to f035394 Compare September 4, 2025 19:47
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch 6 times, most recently from 23b03d3 to 1c52a19 Compare September 8, 2025 03:34
@link2xt link2xt force-pushed the link2xt/ykltkokxntvk branch from f035394 to 9225ad2 Compare September 9, 2025 01:45
@link2xt link2xt force-pushed the link2xt/expire-auth-tokens branch from 1c52a19 to 025d9f1 Compare September 9, 2025 01:45
@link2xt link2xt marked this pull request as ready for review September 9, 2025 02:18
@link2xt link2xt merged commit 025d9f1 into link2xt/ykltkokxntvk Sep 9, 2025
30 of 46 checks passed
@link2xt link2xt deleted the link2xt/expire-auth-tokens branch September 9, 2025 02:19
@link2xt
Copy link
Collaborator Author

link2xt commented Sep 9, 2025

This is merged into parent PR, not main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@link2xt