Description
A bug was introduced some time ago (Aug 2024) that broke the behavior of the preserveIdleTTL parameter of the tokens/me resource. This bug caused the idle ttl of the token to be reset regardless of the value of the parameter. We are now updating the behavior such that setting preserveIdleTTL=true will correctly leave the idle ttl of the token unmodified. Verify that any application using the tokens/me resource to prevent the token from idling is either not specifying preserveIdleTTL or explicitly setting it to false.
Change Category
API
Change Context
This change is being made to fix a bug and correct the behavior for the preserveIdleTTL parameter of the tokens/me resource
Change Impact
Some customers may have relied on this bug to achieve the desired behavior of ensuring that the user would not be logged out. These customers would send preserveIdleTTL=true, expecting that it would extend the idle ttl of the token (reset the idle ttl). Once we correct the bug, sending preserveIdleTTL=true will leave the idle ttl of the token unmodified, potentially resulting in users getting logged out earlier than expected.
Customers should review their implementation with respect to the use of the preserveIdleTTL parameter, as outlined above, and verify that any application using the tokens/me resource to prevent the token from idling is either not specifying preserveIdleTTL or explicitly setting it to false.
Date of Change
Apr 14, 2025
Impacted APIs
api/v2/tokens/me
References
[IAM-3002]