Breaking Change: API keys are validated for issuer and expiration fields #6620
Pinned
jander-msft
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
As of the 8.0.2, 7.3.4, and 6.3.6 updates, .NET Monitor will now validate that API keys have an issuer (
iss) field and an expiration field (exp) within the token.generatekeycommandWorkflows that use the
generatekeycommand are potentially impacted by the expiration of the key. Keys generated with this command will have a default expiration that is 7 days from the time of the creation of the API key. The expiration can be changed using the--expirationparameter. There is no ability to opt-out of setting or validating the expiration.--temp-apikeyoptionWorkflows that use the
--temp-apikeyoption are potentially impacted by the expiration of the key. The expiration of the temporary API key is 7 day from the time of creation of the API key. There is no ability to opt-out of setting or validating the expiration.Custom API keys
Workflows that use custom API key generation are impacted; .NET Monitor deployments must be updated to set the
Authentication__MonitorApiKey__Issuerconfiguration section to the value that is specified in the generated API keys. There is no ability to opt-out of validating the expiration.Related Documentation
Beta Was this translation helpful? Give feedback.
All reactions