Hi Vikunja team,
I’d like to propose a feature enhancement for API tokens. Currently, API tokens are limited by an expiration time defined by the jwtttl or jwtttllong configurations. While this works well for most scenarios, there are cases where having an option for non-expiring tokens would be very useful.
What about using long-lived API tokens you create from the settings?
Thank you for your suggestion. Using a long-lived API token created from the settings would indeed meet my needs. However, I would like to clarify that there is a difference between a long-lived API token and a token with permanent validity. A long-lived token still has an expiration date, even if it is set far in the future, whereas a permanent token would never expire. Many services, such as GitHub, offer an option for permanent tokens, and this feature is generally well understood by users without causing confusion.
I believe adding an option for a permanent token would be a helpful enhancement, providing more flexibility for use cases like mine.
Thank you for considering my request!
We don’t have long-lived tokens for security reasons. In general, you want to rotate keys to minimize the effect that a leaked key might have.