Skip to content

Add last used timestamp for personal access tokens #14884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gtsiolis opened this issue Nov 23, 2022 · 2 comments
Open

Add last used timestamp for personal access tokens #14884

gtsiolis opened this issue Nov 23, 2022 · 2 comments
Labels
aspect: security Anything related to preventing vulnerabilities component: dashboard feature: public-api Issues relating to Public API meta: never-stale This issue can never become stale needs visual design type: improvement Improves an existing feature or existing code

Comments

@gtsiolis
Copy link
Contributor

Problem to solve

Following the work in #14280 and the relevant RFC (internal), the personal access tokens currently do not store or surface the last used timestamp which is usually a best practice for access tokens.

See also relevant discussion (internal). Cc @easyCZ
@gtsiolis gtsiolis added component: dashboard aspect: security Anything related to preventing vulnerabilities needs visual design type: improvement Improves an existing feature or existing code feature: public-api Issues relating to Public API labels Nov 23, 2022
@easyCZ
Copy link
Member

easyCZ commented Nov 23, 2022

When we implement this, we should store the data in a separate table which contains (Token ID, LastUsed) as fields. We would expect this table to be hit hard - on every API request to perform the update.

The update of last used must be non-blocking, and perhaps we should consider only storing the "date" of when it was last used and performing a conditional update on the data, instead of storing the full timestamp. Batching up the updates might also make sense to alleviate db load.

Another approach is to store this entirely in a cache, and update the LastUsed db entries on some interval.

@stale
Copy link

stale bot commented Mar 18, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@mustard-mh mustard-mh added the meta: never-stale This issue can never become stale label Mar 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
aspect: security Anything related to preventing vulnerabilities component: dashboard feature: public-api Issues relating to Public API meta: never-stale This issue can never become stale needs visual design type: improvement Improves an existing feature or existing code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gtsiolis @easyCZ @mustard-mh