Is there a way to expire a HMAC hash for identity verification? How long does the hash last if the secrets are not rotated? Rotating a secret requires downtime so it is not ideal. If a HMAC signature is leaked, it can be use by anyone to impersonate a user. Unless I am misunderstanding..
Answered
Identity Verification expiration time
Best answer by Ebenezer.Laleye
Hi
The HMAC hash value for Identity verification doesn’t expire. If you do fear that the secret key has been leaked you would need to get in touch with us to rotate it, this can ben done in under 5-10mins.
Hope this helps!
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Join the Intercom Community 🎉
Already have an account? Login
Login to the community
No account yet? Create an account
Intercom Customers and Employees
Log in with SSOor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.