Prevent an OAuth2.0 client from being used after a specified date

[mig5]

I just noticed that there is a field client_secret_expires_at in the hydra_client table.

Is it actually used anywhere?

My use case is that I want to set an expiry on an OAuth2.0 client (not an expiry of an access token generated for that client). After a certain date, I want that client to no longer be able to be used.

I can hack some tooling around actually deleting (can I 'disable' but not delete a client?) a client on a specific date but I wondered if this field effectively handles that for me.

Thanks!

[slafs]

I'm also interested in this 👍. @mig5 did you get any answer on that? 🤔

[mig5]

@slafs sadly not yet, hopefully the Ory devs see it and offer some advice or perhaps turn it into a feature request if it isn't already possible.

One fall-back plan might be to rely on, say, assigning scopes that have names that involve dates (or say, make a scope that is a unix timestamp of a future date) and use app-level logic that reject the OAuth2.0 request if a scope isn't allowed to be used after a given date (e.g if the current timestamp is greater than that of the scope). But it's a bit clumsy..