Support finer control on token lifetime #17395

@stirby

A customer wants to create session tokens for service accounts responsible for running coding agents in workspaces. In their deployment, they want to set a strict TTL for any token a user can create without restricting administrators. However, this doesn't mean administrators should have zero restrictions on token lifetimes, as this poses a security risk.

In short, the deployment-level MAX_TOKEN_LIFETIME is too broadly enforced.

We should expect the demand for this use case to increase as we roll agentic AI out.

Example of desired behavior:

  • I, as a user, get a 24-hour token when I open a new session via the CLI.
  • I, as a user, can create tokens in the dashboard and CLI with a lifetime no longer than 72 hours.
  • I, as an administrator, can create tokens for myself that last up to 7 days.
  • I, as an administrator, can create tokens on behalf of users that last up to 7 days.
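
The desired behavior listed above, sketched as a per-role lifetime check. This is an added example, not code from the project: the type, function and role names are hypothetical, and treating the deployment-level MAX_TOKEN_LIFETIME as a 7-day ceiling that also binds administrators is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// LifetimePolicy is hypothetical: per-role caps under a deployment-wide ceiling.
type LifetimePolicy struct {
	DeploymentMax  time.Duration            // assumed hard ceiling for every role
	DefaultSession time.Duration            // issued when no lifetime is requested
	RoleMax        map[string]time.Duration // cap keyed by the creator's role
}

var ErrTooLong = errors.New("requested token lifetime exceeds cap")

// Resolve returns the lifetime to issue. The cap follows the creator's role, so
// an administrator creating a token on behalf of a user gets the administrator
// cap. Roles without a configured cap are denied rather than left uncapped.
func (p LifetimePolicy) Resolve(creatorRole string, requested time.Duration) (time.Duration, error) {
	limit, ok := p.RoleMax[creatorRole]
	if !ok || requested < 0 {
		return 0, fmt.Errorf("invalid request: role %q, lifetime %s", creatorRole, requested)
	}
	if limit > p.DeploymentMax {
		limit = p.DeploymentMax // a role cap never widens the deployment ceiling
	}
	if requested == 0 { // no explicit request: default session lifetime, still capped
		if p.DefaultSession > limit {
			return limit, nil
		}
		return p.DefaultSession, nil
	}
	if requested > limit {
		return 0, fmt.Errorf("%w: %s > %s for role %q", ErrTooLong, requested, limit, creatorRole)
	}
	return requested, nil
}

// ExamplePolicy uses the numbers from the issue; the 7-day ceiling is assumed.
func ExamplePolicy() LifetimePolicy {
	return LifetimePolicy{DeploymentMax: 7 * 24 * time.Hour, DefaultSession: 24 * time.Hour,
		RoleMax: map[string]time.Duration{"user": 72 * time.Hour, "admin": 7 * 24 * time.Hour}}
}

func main() {
	fmt.Println(ExamplePolicy().Resolve("user", 96*time.Hour)) // rejected: above the user cap
}
```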

Labels: customer-requested (Features requested by enterprise customers. Only humans may set this.)