Support optional token expiration mechanism for service accounts
See recent discussion on the proposal to support optional token expiration for service accounts. This issue is to support an optional setting for top-level group owners or instance admins to enable optional token expiration, for service accounts only (other access token types will continue to require an expiration).
From a tiering perspective:
- Doesn't include service accounts and therefore no changes needed here
- Access tokens will have lifetime limits enforced as of %16.0 (this has already been completed, with tokens with no date set, now set to expire in June 2024). This applies to all tiers.
- Service Accounts have 1 year max token lifetime by default
- Admin/group owner can opt out of lifetime limits for Service Accounts only
- Service Accounts have 1 year max token lifetime by default
- Admin/group owner can opt out of lifetime limits for Service Accounts only
- Admin/ group owner can set maximum Service Account token lifetime length policy (this can occur via Migrate group-level PAT expiry setting from Gro... (#415756) and is not part of this issue)
From the version perspective: -
self-managed The setting is available in Application Settings for admin to opt out of lifetime limits for Service Accounts only
~SaaS The setting is available on group level for admin/group owner to opt of life time limits for Service Accounts only.
Edited by Smriti Garg