Endpoint getting all expired tokens

[cafsenra]

Summary

We need an api endpoint to get all expired tokens

Motivation

We are generating temporary tokens for argocd. However, tokens get accumulated in UI even if they are expired. Would be nice to have an api endpoint that get all expired endpoints so that we can cleanup easily in bach.

Proposal

We could create an endpoint /api/v1/account/user/tokens that accept querying for expired, is /api/v1/account/user/tokens?expired=true

[crenshaw-dev]

tokens get accumulated in UI even if they are expired

Can you provide a screenshot of where the tokens are getting accumulated? It sounds like you may be referring to project tokens rather than user account tokens.

[agaudreault]

What is the business value for a user to have this API? It seems like that would be used more by an argo admin.

If used by an admin, the tokens are in the AppProject manifest, so you can just get the manifest, compare the jwtTokens[].exp with the date of your choosing, and delete them as needed.

There is also already a List token and a Delete token API. These can be used by scripts to delete expired tokens.

The UI can also have logic to add a button "Delete expired tokens" and call the existing delete token API.

I don't think the current API need to be modified, but I could see value on having that button in the UI.

@cafsenra What do you think?

[cafsenra]

Thank you for your quick reply.
@agaudreault the button in the ui would be a nice addition, however IMHO I see value in the possibility of removing in batch all expired token using the api, as it would avoid to make a request for each token deletion.