`max_signed_tokens_ttl` setting for a maximum duration on API tokens

[simonw]

It's currently possible to use /-/create-token to create a token that lasts forever.

Some administrators may wish to have a maximum expiry instead. I should support that with a setting.

[simonw]

This setting will disable the "Token never expires" option:

[simonw]

I'm going for consistency with max_csv_mb and max_returned_rows and allow_signed_tokens and default_cache_ttl.

So max_signed_tokens_ttl.

[simonw]

I just realized this can't easily affect the datasette create-token command because it doesn't currently accept the --setting option, so it wouldn't know what max_signed_tokens_ttl was.

More to the point: even if it did, someone could abuse their knowledge of the secret to create a signed non-expiring token even on servers that didn't want to support those.

So I actually need to redesign the token format: it needs to store the timestamp when the token was created and the intended duration, NOT the timestamp that the token expires at.

Otherwise it's not possible for servers to enforce max_signed_tokens_ttl - someone could always create a token with a custom expires_at timestamp on it outside of the configured limit.

[simonw]

New token design:

{
  "a": "actor-id",
  "t": "creation timestamp as integer",
  "d": "intended duration in seconds, or blank if no duration set"
}

This is in place of the "e": "expiry timestamp" design I've built so far.