Store login expiration time


When a user does “snap login”, they get a representation of that login with a 1-year expiration time. This means they will not have to enter their credentials again for a year. As seen in this topic, some people’s logins are already expiring. That topic outlines work to do to make the messaging clearer (“your stored login has expired, please do snap login and re-enter your credentials”).

We felt it’d be a good time to revisit the decision to give these login representations (which we store as macaroons) a 1-year lifetime.

We can keep the current 1-year expiration time, which means, as seen, people will need to re-login after that time in order to be able to install/update. The upside is: people will have to confirm their credentials at least once a year.

We can go for “eternal” credentials which never expire and mean that people (and unattended devices) continue getting updates.

Or we can make the time shorter or longer.

What do you think?