[Bug]: API Token Expiry Issue: UI Configuration overridden by default env Variable #1261
Description
🐞 Bug Summary
When creating an API token via the user interface, the token does not adhere to the expiry time specified in the UI. Instead, it defaults to the value set in the environment variable TOKEN_EXPIRY.
🧩 Affected Component
Select the area of the project impacted:
-
mcpgateway- API -
mcpgateway- UI (admin panel) -
mcpgateway.wrapper- stdio wrapper - Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- Set the TOKEN_EXPIRY to 1 minute in the env :
TOKEN_EXPIRY=1 - Create the token via user interface panel with expiry as 30 days.
- Try using the token after 1 minute. Observe that the token does not work after a minute as its expired, even though the expiry set was 30 days in the UI.
🤔 Expected Behavior
- The expiry time of the API token should match the value set by the user in the UI.
- If the user specifies a custom expiry time in the UI, that should override any default value set in the environment variable TOKEN_EXPIRY.
- The token should reflect the expiry time chosen in the UI, ensuring that the token expiration behaves as expected.
🧠 Environment Info
You can retrieve most of this from the /version endpoint.
| Key | Value |
|---|---|
| Version or commit | e.g. v0.9.0 or main@a1b2c3d |
| Runtime | e.g. Python 3.11, Gunicorn |
| Platform / OS | e.g. Ubuntu 22.04, macOS |
| Container | e.g. Docker, Podman, none |
🧩 Additional Context (optional)
Add any configuration details, flags, or related issues.