Invalidate REST API token

chris1 · June 3, 2020, 12:49pm

Description

Hi! Is there a possibility to automatically invalidate access tokens after a period of time? I am talking about rc_token which gets set as a cookie once logged in. Even if I set the “Login expiration in days” to 1 in the Admin settings, I can still do REST API calls indefinitely after 1 day by setting the X-Auth-Token to whatever the rc_token was.

I came across this “official” answer from a Rocket.Chat employee saying Currently the authentication tokens obtained via the Rocket.Chat REST API have no expiration date. (Rocket.Chat) Never expire auth token - Stack Overflow

I wonder if that changed somehow during the last 3 years can anyone help?

Topic		Replies	Views
Increasing authentication token length and changing expiry time Community Support	1	1421	February 15, 2021
Auth token refresh rate? Community Support	2	576	July 22, 2022
Cookie problem in REST API Community Support	3	2828	May 30, 2018
App login expires Community Support	1	1419	August 25, 2021
Permanent Auth Tokens Community Support	0	540	June 11, 2020

Join our Community Open Call tomorrow where we'll share more details regarding recent changes and answer questions about updating your workspace to the latest Rocket.Chat

Invalidate REST API token

Description

Related Topics