Project

General

Profile

Actions
Copy link

Bug #25725

open

API account expiration timezone should be explicit

Added by Clark ANDRIANASOLO about 1 month ago. Updated 15 days ago.

Status:
New
Priority:
4
Assignee:
-
Category:
Security
Target version:
8.1.9
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
I hate Rudder for that
User visibility:
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

Currently the timezone of the expiration date of the API account is not specified and we have no way to know at which time it really expires unless going in event logs and open technical details (see #25723) :

Also I did not change the default expiration date which should be 1 month after the creation of the account but which has now 1 more hour because it has a different timezone; the UTC+1 timezone comes out of nowhere since I have a UTC+3 server, and a UTC+2 browser.

Also when receiving API accounts via the REST API, the expiration date does not have a ISO8601 which makes it even unclear in which timezone we are reasoning :

We should add explicit time both on the browser, visible (but not editable) by the user, and in the API.

Files

Download all files
clipboard-202410231541-t2ue0.png (33.1 KB) clipboard-202410231541-t2ue0.png Clark ANDRIANASOLO, 2024-10-23 15:41
clipboard-202410231541-5dd1c.png (54.9 KB) clipboard-202410231541-5dd1c.png Clark ANDRIANASOLO, 2024-10-23 15:41

Related issues 1 (1 open0 closed)

Has duplicate Rudder - Bug #21725: API token appears expired while it is not due to timezoneNewElaad FURREEDANActions
Actions
Copy link

Also available in: Atom PDF