From e0439d6d6817dd753f2bca3c0557937425e2ed05 Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Mon, 19 Aug 2024 11:26:01 +0200 Subject: [PATCH] feat(admin): Auth token clean-up Signed-off-by: Christoph Wurst --- .../configuration_user/authentication.rst | 28 +++++++++++++++++++ admin_manual/configuration_user/index.rst | 1 + admin_manual/release_notes/upgrade_to_30.rst | 5 ++++ 3 files changed, 34 insertions(+) create mode 100644 admin_manual/configuration_user/authentication.rst diff --git a/admin_manual/configuration_user/authentication.rst b/admin_manual/configuration_user/authentication.rst new file mode 100644 index 00000000000..cc2ca16c607 --- /dev/null +++ b/admin_manual/configuration_user/authentication.rst @@ -0,0 +1,28 @@ +.. _authentication: + +============== +Authentication +============== + +App passwords +^^^^^^^^^^^^^ + +App passwords allow users to authenticate multiple client applications against their Nextcloud account without giving the application the login password. App passwords are mandatory for accounts with :ref:`two-factor authentication` enabled. + +Some clients support *remote wipe*, which makes the connected application delete its local data. + +.. _authentication-app-password-clean-up: + +Automated clean-up +****************** + +.. versionadded:: 30 + +Nextcloud will delete unused passwords. Passwords set for *remote wipe* are deleted after 60 days of no usage. App passwords of client applications are deleted after 365 days of no usage. + +The time spans can be overwritten with configuration:: + + php occ config:system:set token_auth_wipe_token_retention --type=int --value 2592000 # 60*60*24*30 - 30 days + php occ config:system:set token_auth_token_retention --type=int --value 63072000 # 60*60*24*365*2 - 2 years + +Values are set in **seconds**. \ No newline at end of file diff --git a/admin_manual/configuration_user/index.rst b/admin_manual/configuration_user/index.rst index 7a06f853c79..3cd442eee77 100644 --- a/admin_manual/configuration_user/index.rst +++ b/admin_manual/configuration_user/index.rst @@ -9,6 +9,7 @@ User management reset_admin_password reset_user_password user_password_policy + authentication two_factor-auth user_auth_ldap user_auth_ldap_cleanup diff --git a/admin_manual/release_notes/upgrade_to_30.rst b/admin_manual/release_notes/upgrade_to_30.rst index 51fd02a0f23..bafb651d0b1 100644 --- a/admin_manual/release_notes/upgrade_to_30.rst +++ b/admin_manual/release_notes/upgrade_to_30.rst @@ -30,3 +30,8 @@ Previews for PDF files with Imaginary The preview provider ``OC\Preview\Imaginary`` is no longer generating previews for PDF files. Add the new preview provider ``OC\Preview\ImaginaryPDF`` to ``enabledPreviewProviders`` to enable preview generation with Imaginary for PDF files. + +Automated clean-up of app password +---------------------------------- + +Nextcloud 30 will :ref:`clean-up unused app passwords`.