Feature Request - Force logout after few hours


I use GitHub OAuth to authenticate to the Concourse UI, which works, but I'm not sure when the session is invalidated.

For security reasons, I think it would be a good idea to force log out after a couple of hours.

What do you guys think?

Also, pls let me know the best place to raise issues and feature requests. Is it this forum or GitHub?


Not all Concourse options are documented; a good idea is to have a look at the output of concourse web -h. I often discover hidden gems 🙂

For your question, you can use the --auth-duration option to set the duration to the time you prefer:

Length of time for which tokens are valid. Afterwards, users will have to log back in.


Nice 1 @marco-m - thank you. Good info to have. I’m curious. Consider the scenario where one has a screen in the office whereon the ConcourseCI web-ui is being displayed. A user with low privileges is logged in … if you want only this user not to be logged out after 24h, is this possible?

Thank you.


This is not currently possible; the session duration is global.

Concourse 5.x (unreleased) has RBAC support (see https://medium.com/concourse-ci/concourse-rbac-preview-8e07616ddc47), but I don’t know if it will allow a different login duration depending on the role, say read-only. This would be a good feature request actually.

A workaround, assuming that either you can afford to make your pipeline public or your Concourse web is accessible only from selected IP addresses, is to use fly expose-pipeline, which makes the pipeline viewable by unauthenticated users (but not the build logs). You can also consult the documentation for public https://concourse-ci.org/jobs.html#job-public, but be careful about the implications (if the logs contain secrets…).