Oc_authtoken Expiry

rabdou · January 7, 2022, 3:48pm

How long does it take before an Authtoken expires? I’ve looked around through the Nextcloud doc and could not find anything about the expiry of generated app passwords, but when I looked through the database table oc_authtoken I saw an expires field which is set to null. How is this field being updated and used?

ex.
last_activity: 1641481385
last_check: 1641481385
scope: NULL
expires: NULL

We want to ensure that these tokens expire to limit our security risks. I planned to run a script that reads the oc_authtable and revoke these tokens after six months of the creation date and wondered if there was a more straightforward way of doing it via Nextcloud directly instead of the DB.

rriemann · July 17, 2023, 7:23pm

Hey @rabdou ,

what have you find out? I have the same concern.

tflidd · March 21, 2024, 12:13pm

that means for all your clients, every 6 months, you need to create new access tokens.

As a user, you can see in the security settings all of your tokens and when they were used for the last time. You can then just delete old tokens.

To do such things globally, I haven’t found an option to do this automatically.