Add refresh token expiration (#30943)

This commit is contained in:
Michael 2024-01-25 18:24:58 +01:00 committed by GitHub
parent 7ea85b0698
commit a65716a6de
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -40,6 +40,10 @@ You can:
- Create [Long Lived Access Tokens](https://developers.home-assistant.io/docs/auth_api/#long-lived-access-token) so scripts can securely interact with Home Assistant.
- Log out of Home Assistant.
<div class="note">
Unused refresh tokens will be automatically removed. A refresh token is considered unused if it has not been used for a login within 90 days. If you need a permanent token, then we recommend using [Long Lived Access Tokens](/docs/auth_api/#long-lived-access-token).
</div>
### Securing your login
_Make sure to choose a secure password!_ At some time in the future, you will probably want to access Home Assistant from outside your local network. This means you are also exposed to random black-hats trying to do the same. Treat the password like the key to your house.