Is there a way to expire a HMAC hash for identity verification? How long does the hash last if the secrets are not rotated? Rotating a secret requires downtime so it is not ideal. If a HMAC signature is leaked, it can be use by anyone to impersonate a user. Unless I am misunderstanding..
Identity Verification expiration time
Userlevel 1
- Employee
- 6 replies
-
22 May 2024
Hey
- Community Manager
- 129 replies
-
28 May 2024
- Answer
Hi
The HMAC hash value for Identity verification doesn’t expire. If you do fear that the secret key has been leaked you would need to get in touch with us to rotate it, this can ben done in under 5-10mins.
Hope this helps!
Reply
Join the Intercom Community 🎉
Already have an account? Login
Login to the community
No account yet? Create an account
Intercom Customers and Employees
Log in with SSOor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.