Closed
Description
Some time last year we introduced optional expiration periods for API tokens. One caveat of the existing system is that users don't get notified when their tokens expire and they have to proactively monitor this if they use expiration.
In our team meeting on Friday we discussed how we could improve the situation and one idea was to automatically send out warning emails when an API token expires.
As #6664 (comment) states, such emails are seen as a requirement before we can change the default expiration setting on the API token creation page.
A couple of open questions:
- When should we send these emails? At the time when the token expires? A week before? A day before?
- Should we offer a way to create a new token based on the settings from an existing token?
- Should we use a feature flag while testing this out on the staging environment?
In terms of implementation:
- We will probably need to track for what tokens we have sent out warnings already. One way to do this would be to add another column to the
api_tokenstable. - A new background job could then be implemented that scans the
api_tokenstable for tokens that have expired (or are going to expire) and where a warning has not been sent yet, and then sends out such a warning email.
Metadata
Metadata
Assignees
Type
Projects
Status
For next meeting