Updated by Pavel Balashou 2 days ago
**As** an administrator
**I want to** have expiration times of access tokens stored and honored,
**so that** OpenProject does not cause HTTP 401 responses that could've been avoided and cause noise in monitoring and similar services.
**Acceptance criteria**
* When obtaining an `OpenIDConnect::UserToken`, store the expiration date as provided by the OAuth 2.0 token endpoint
* The `UserTokens::FetchService` should take that expiration date into account to judge whether a token is expired
* If the token endpoint does not indicate an expiration time, we assume that the token does not expire
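A sketch of the three acceptance criteria in plain Ruby, added here as an illustration and not taken from OpenProject's code base: `StoredToken` and `token_from_response` are hypothetical names, the `leeway` parameter is an assumption beyond the criteria, and the JSON bodies are constructed samples using the `expires_in` field defined for token responses in RFC 6749.

```ruby
require "json"

# Hypothetical value object; stands in for a persisted token record.
StoredToken = Struct.new(:access_token, :expires_at) do
  # A token stored without expires_at is treated as non-expiring.
  # leeway (seconds, an assumption) reports expiry slightly early so a
  # token is not sent when it would lapse while the request is in flight.
  def expired?(now: Time.now, leeway: 0)
    return false if expires_at.nil?

    now + leeway >= expires_at
  end
end

# Builds a StoredToken from a token endpoint JSON body.
# expires_in is a lifetime in seconds, so it is converted to an absolute
# timestamp at the moment the response is received, before storing.
def token_from_response(body, received_at: Time.now)
  data = JSON.parse(body)
  expires_in = data["expires_in"]
  expires_at =
    case expires_in
    when nil then nil                                  # endpoint gave no lifetime
    when Numeric then received_at + expires_in
    when /\A\d+\z/ then received_at + expires_in.to_i  # tolerate a numeric string
    else raise ArgumentError, "unusable expires_in: #{expires_in.inspect}"
    end
  StoredToken.new(data.fetch("access_token"), expires_at)
end

# Constructed sample inputs.
RECEIVED = Time.utc(2024, 1, 1, 12, 0, 0)
WITH_EXPIRY = '{"access_token":"sample-a","token_type":"Bearer","expires_in":3600}'
WITHOUT_EXPIRY = '{"access_token":"sample-b","token_type":"Bearer"}'
```

Storing the absolute timestamp rather than the raw `expires_in` value matters because the lifetime is only meaningful relative to the time the response was received.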