From 957109ecc6211e8823edb9551162a75438ba224f Mon Sep 17 00:00:00 2001
From: BryanFauble <17128019+BryanFauble@users.noreply.github.com>
Date: Tue, 5 Nov 2024 10:23:42 -0700
Subject: [PATCH] Move token lifecycle to 1.25 days from 1 day
---
 deployments/stacks/dpe-auth0/main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/deployments/stacks/dpe-auth0/main.tf b/deployments/stacks/dpe-auth0/main.tf
index 0cb83e05..780ea89d 100644
--- a/deployments/stacks/dpe-auth0/main.tf
+++ b/deployments/stacks/dpe-auth0/main.tf
@@ -4,8 +4,11 @@ resource "auth0_resource_server" "k8s-cluster-telemetry" {
 identifier = "${var.cluster_name}-telemetry"
 signing_alg = "RS256"
- allow_offline_access = false
- token_lifetime = 86400
+ allow_offline_access = false
+ # 108000 seconds = 1.25 days
+ # An offset of 1.25 days allows a daily token refresh to occur by simple cronjob
+ # for the services that use the token
+ token_lifetime = 108000
 skip_consent_for_verifiable_first_party_clients = true
 # https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/resource_server_scopes
 # Says to use the following, however it errors out:
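Review bot: The new `token_lifetime = 108000` makes every access token for this resource server valid for 30 hours, and the added comment does not record what that costs. These are RS256-signed bearer tokens, which are normally accepted until they expire, so a token leaked from one of the telemetry services stays usable for up to 30 hours instead of 24. The comment also calls 1.25 days the "offset", while the actual slack over the daily cron interval is 6 hours. I would reword it to `# 30 h = 24 h cron interval + 6 h slack for a late or failed refresh; a leaked token stays valid until expiry` and write the value as `token_lifetime = 30 * 60 * 60`. If the cronjob can run more often (the consumers are not visible here), a shorter lifetime with the same proportional slack would keep the exposure window smaller. The resource block starts above the hunk and continues past its end.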