Reducing OpenID Connect ID token lifespan to 24 hours

77 views
Skip to first unread message

Pedro Costa

unread,
Jun 29, 2020, 10:05:20 AM6/29/20
to ORCID API Users
Dear developers,

Due to security concerns around the long term validity of OpenID Connect ID tokens issued by ORCID, we will be reducing their lifetime to 1 day in the coming months. A new announcement will be posted when a date is set.

You can follow our progress in this Trello card: https://trello.com/c/byfjid09

Jason

unread,
Jun 29, 2020, 11:50:59 PM6/29/20
to ORCID API Users
Thanks for the notice Pedro.  Good change too.

Ryan Shaw

unread,
Jun 30, 2020, 1:03:12 PM6/30/20
to ORCID API Users
Does this change affect OAuth access tokens as well, or only OpenID Connect ID tokens?

Demeranville, Tom

unread,
Jun 30, 2020, 1:54:49 PM6/30/20
to Ryan Shaw, ORCID API Users
This only affects Open ID Connect id_tokens.

To be very clear for others just browsing - access tokens have not changed.

Thanks for bringing it up Ryan,  

Tom Demeranville
Product Director
ORCID Inc


On Tue, Jun 30, 2020 at 6:03 PM Ryan Shaw <ryan...@unc.edu> wrote:
Does this change affect OAuth access tokens as well, or only OpenID Connect ID tokens?

--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orcid-api-users/9ce599d8-31bf-4f8c-b5a6-80cac961d15eo%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages