-
Type:
Suggestion
-
Resolution: Unresolved
-
Component/s: API keys / authentication
-
1
Issue Summary
When the Authentication Policy for API token expiration is set to "Never expires" in Admin Hub, there is a discrepancy in behavior between the Legacy "Create API token" UI and the Modern "Create API token with scopes" UI.
Steps to Reproduce
- Go to Admin Hub > Security > Authentication Policies.
- Set "API token expiration" to "Never expires".
- As a user under this policy, go to the API token management page.
- Attempt to create a API token without scopes and observe the date picker.
- Attempt to create an API token with scopes and observe the date picker.
Expected Results
The UI behavior should be consistent. If the policy allows "Never expires," users should ideally still be able to set a shorter expiration date for better security as seen in "API token without scopes", or the UI should clearly explain why the field is locked.
Actual Results
The Modern UI locks the expiration date to "No expiry" without allowing manual override, while the Legacy UI allows selection. The presence of a non-functional calendar picker in the Modern UI is confusing.
Workaround
Use an API token creation without scopes if a specific expiration date is required, or check off the "Never expires" setting in Admin Hub to pick up an date for scoped API tokens.
