expire tokens after x days

Expiring tokens (or resetting them) is something I would like to see done via Rules integration.

I am of two minds on setting a 301 with a special message. Is it worth keeping track of expired alphanumeric tokens just to create a more effective message?

In the case of RSS feeds and Views, by making a feed publicly accessible and relying on node_access() et all for access control, you can use Empty Text to provide instructions such as "No content available/expired token."

If someone wants to make an argument for this, the won't fix is negotiable with a patch.

P.S., An issue so old it predates marking issues with code versions.

Meh, changed my mind. While this would work great as a Rules functionality, it is so basic to the scope of this module that a Rules stack dependency seems excessive.

Attached patch creates a new 'issued' column in the tokenauth_tokens table, it is intended to hold a unix timestamp of the date each token is issued. A new variable, tokenauth_lifespan is created to allow admins to specify a number of days that a token will be valid. An implementation of hook_cron checks whether that has been set to a non-zero number, and if so will regenerate all tokens that are out of date.

This patch does not address the redirection of expired tokens.

Setting to Needs Review for two reasons,

1) Is this functionality usable enough without the redirecting to subject real users to this? I can't quite see wanting to use it, except maybe as part of a general once a year password reset policy.
2) I want a couple second opinions that this is looking and working properly.

The core part of this patch, namely the tracking of token issuance date, is something that I expect to eventually get in through one feature request or another.