starred/App-Store-Connect-CLI
1
0
Fork 0
mirror of https://github.com/rudrankriyam/App-Store-Connect-CLI.git synced 2026-04-25 23:55:51 +03:00
Code Issues 2 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #167] Audit: Consider shorter JWT token lifetime #49

New issue
Closed
opened 2026-02-26 21:33:00 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 21:33:00 +03:00
Owner
Copy link

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/167

Description

internal/asc/client_core.go:31 sets JWT token lifetime to 20 minutes:

tokenLifetime = 20 * time.Minute

Impact

While 20 minutes is reasonable, App Store Connect tokens should ideally be shorter-lived (5-10 minutes) for better security, especially if tokens are cached.

Location

internal/asc/client_core.go:31

Consideration

Consider reducing to 10 minutes or making it configurable via environment variable.

Severity

Low (security hardening suggestion)

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/167 ## Description `internal/asc/client_core.go:31` sets JWT token lifetime to 20 minutes: ```go tokenLifetime = 20 * time.Minute ``` ## Impact While 20 minutes is reasonable, App Store Connect tokens should ideally be shorter-lived (5-10 minutes) for better security, especially if tokens are cached. ## Location `internal/asc/client_core.go:31` ## Consideration Consider reducing to 10 minutes or making it configurable via environment variable. ## Severity Low (security hardening suggestion)
kerem closed this issue 2026-02-26 21:33:00 +03:00
kerem commented 2026-02-26 21:33:01 +03:00
Author
Owner
Copy link

@rudrankriyam commented on GitHub (Jan 25, 2026):

Closed via #170.

<!-- gh-comment-id:3797232992 --> @rudrankriyam commented on GitHub (Jan 25, 2026): Closed via #170.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.1
1.1.0
1.0.1
1.0.0
0.49.1
0.49.0
0.48.1
0.48.0
0.47.1
0.47.0
0.46.2
0.46.1
0.46.0
0.45.4
0.45.3
0.45.2
0.45.1
0.45.0
0.44.2
0.44.1
0.44.0
0.43.0
0.42.0
0.41.4
0.41.3
0.41.2
0.41.1
0.41.0
0.40.1
0.40.0
0.39.1
0.39.0
0.38.3
0.38.2
0.38.1
0.38.0
0.37.3
0.37.2
0.37.1
0.37.0
0.36.3
0.36.2
0.36.1
0.36.0
0.35.3
0.35.2
0.35.1
0.35.0
0.34.1
0.34.0
0.33.2
0.33.1
0.33.0
0.32.0
0.31.3
0.31.2
0.31.1
0.31.0
0.30.0
0.29.3
0.29.2
0.29.1
0.29.0
0.28.14
0.28.13
0.28.12
0.28.11
0.28.10
0.28.9
0.28.8
0.28.7
0.28.6
0.28.5
0.28.4
0.28.3
0.28.2
0.28.1
0.28.0
0.27.0
0.26.4
0.26.3
0.26.2
0.26.1
0.26.0
0.25.4
0.25.3
0.25.1
0.25.0
0.24.3
0.24.2
0.24.1
0.24.0
0.23.5
0.23.4
0.23.3
0.23.2
0.23.1
0.23.0
0.22.1
0.22.0
0.21.0
0.20.2
0.20.1
0.20.0
0.19.3
0.19.2
0.19.1
0.19.0
0.18.2
0.18.1
0.18.0
0.17.0
0.16.0
0.15.0
0.14.0
0.13.0
0.12.4
0.12.3
0.12.2
0.12.1
0.12.0
0.11.0
0.10.2
0.10.1
0.10.0
0.9.0
0.8.1
0.8.0
0.7.0
0.6.0
0.5.0
0.3.1
0.3.0
0.2.0
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0
Labels
Clear labels   
bug

   
bug

   
documentation

   
enhancement

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
bug
documentation
enhancement
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/App-Store-Connect-CLI#49
No description provided.