Clarity on the maxTimeToLive passed in authClient for Internet Identity

saikatdas0790 · June 4, 2022, 7:43am

The documentation here talks about DelegationIdentitybeing valid with the set maxTimeToLive.

The II interface spec too talks about it here

The questions I have are:

What is the default value in case nothing is passed?
Is there a way to obtain a DelegationIdentity that doesn’t expire?
What is the exact max value that can be passed?

paulyoung · June 5, 2022, 6:52am

This says 8 hours:

github.com

dfinity/agent-js/blob/03515b4753c82694103606713deb543250b50b32/packages/auth-client/src/index.ts#L69-L73


      
          /**
           * Expiration of the authentication in nanoseconds
           * @default  BigInt(8) hours * BigInt(3_600_000_000_000) nanoseconds
           */
          maxTimeToLive?: bigint;

github.com

dfinity/agent-js/blob/03515b4753c82694103606713deb543250b50b32/packages/auth-client/src/index.ts#L376-L380


      
          /**
           * Expiration of the authentication in nanoseconds
           * @default  BigInt(8) hours * BigInt(3_600_000_000_000) nanoseconds
           */
          maxTimeToLive?: bigint;

github.com

dfinity/agent-js/blob/03515b4753c82694103606713deb543250b50b32/packages/auth-client/src/index.ts#L403-L404


      
          // Set default maxTimeToLive to 8 hours
          const defaultTimeToLive = /* hours */ BigInt(8) * /* nanoseconds */ BigInt(3_600_000_000_000);

But I’ve been getting logged out after about 30 minutes:

github.com/dfinity/agent-js

Logout happening periodically despite passing `disableIdle: true` in `idleOptions`

opened 09:26PM - 25 May 22 UTC

closed 05:39PM - 01 Dec 23 UTC

paulyoung

bug

**Describe the bug** During local development I noticed that I was getting lo…gged out after iterating on something for a while that requires being logged in. I started doing `AuthClient.create({ idleOptions: { disableIdle: true })` to try and prevent this but it's still happening. I stepped through the code and I can confirm that an `idleManager` isn't being created. Is this expected behavior, or a known issue? **To Reproduce** Steps to reproduce the behavior: 1. Create an auth client as described above 1. Authenticate using local internet identity 1. Leave a browser window open for a while 1. Refresh the page after a while 1. Confirm that you are logged out **Expected behavior** You remain logged in until you explicitly log out **Desktop (please complete the following information):** - macOS Monterey Version 12.2.1 (21D62) - Brave Version 1.36.119 Chromium: 99.0.4844.83 (Official Build) (arm64) **Additional context** ``` $ cat package-lock.json | grep dfinity "@dfinity/agent": { "resolved": "https://registry.npmjs.org/@dfinity/agent/-/agent-0.11.1.tgz", "@dfinity/auth-client": { "resolved": "https://registry.npmjs.org/@dfinity/auth-client/-/auth-client-0.11.1.tgz", "@dfinity/authentication": { "resolved": "https://registry.npmjs.org/@dfinity/authentication/-/authentication-0.11.1.tgz", "@dfinity/candid": { "resolved": "https://registry.npmjs.org/@dfinity/candid/-/candid-0.11.1.tgz", "@dfinity/identity": { "resolved": "https://registry.npmjs.org/@dfinity/identity/-/identity-0.11.1.tgz", "@dfinity/principal": { "resolved": "https://registry.npmjs.org/@dfinity/principal/-/principal-0.11.1.tgz", ```

I would like to know this too.

BigInts are supposed to be arbitrarily large but in practice it seems to be implementation-specific:

javascript - What's the biggest BigInt value in js as per spec - Stack Overflow

saikatdas0790 · June 6, 2022, 3:45am

Right, my use case is primarily syncing data between devices, so I am primarily looking for a way to have auth never expire. In case it absolutely has to, I am looking for the maximum possible value that the IC supports. I was reading on this thread that it’s close to 8 days, but knowing the EXACT maximum value that is practically possible would be helpful

@kpeacock @PaulLiu Any thoughts?

frederikrothenberger · June 7, 2022, 7:28am

@saikatdas0790: The exact maximum value has been increased to 30 days.

We are aware, that there are many use cases for which delegations without expiry would be helpful. However, these are problematic from a security perspective. So what we will most likely implement in the future are short-lived delegations that can be refreshed.

Unfortunately though, this is only a plan so far and I cannot give you a timeline of when this feature will be ready. The most up to date information can be found here: Internet Identity Roadmap Update, June 2022

saikatdas0790 · June 7, 2022, 10:22am

Thank you for the clarity. 30 days will work for now

kpeacock · June 13, 2022, 8:42pm

Additionally, for long-term usage you can use identities that are not delegated at all, although this requires you to securely save the public-private keypair

Topic		Replies	Views
Support AuthClient 0.11.3 maxTimeToLive expiring in 10~ mins JavaScript	9	1004	June 27, 2022
AuthClient Update - Idle Timeouts JavaScript Discussing	13	1766	June 28, 2022
How long can the Internet Identity login status be maintained? Developers	3	768	August 25, 2021
Specified sender delegation has expired Developers	3	788	October 15, 2021
[JS] @dfinity/agent version 0.7.1 Language Support	31	2848	September 11, 2021

Related topics