[keystone] App Credential reactivation after reconnection is not immediate
23 Feb
2026
23 Feb
'26
4:53 a.m.
If you create a 24-hour credential application with a non-local user who has a 2-hour time-to-live (default_authorization_ttl), after 2 hours the TTL resets to 0 and the credential application stops working, which is expected. If the user logs back in, there's a waiting period before the credential application becomes functional again, and the same applies if the user want to create a new credential application. I've noticed that if the user leaves a group with member privileges, for example, their app credentials are immediately invalidated. The same behavior should occur when the user logs back in after the TTL expires.
0
Age (days ago)
0
Last active (days ago)
0 comments
1 participants
participants (1)
-
Vincent Godin