API Token Expiration

[lngsx]

I've been working with the API and noticed something that's got me a bit concerned from a security standpoint.

API tokens don't seem to have any expiration time set, and from what I can tell, logging in multiple times creates multiple valid tokens rather than invalidating the previous ones. So if I:

1. Login → get token A.
2. Login again → get token B.
3. Both tokens A and B remain valid indefinitely.

I saw this discussion but it didn't seem to get resolved.

I also looked at the code, and if I understand it correctly, I didn't see any expiration mechanism, though I am not really a typescript person so I am not so sure about it.

Questions:

• Would adding configurable token expiration be something the community would find useful?
• or I am missing something obvious here? Is there actually an expiration mechanism I'm not seeing?

Just wanted to check if others have run into this or if there's a reason it's designed this way.

Thanks for the awesome project! 🙏