> On 18 Feb 2026, at 13:04, Zsolt Parragi <zsolt.parragi@percona.com> wrote:
>> 2. Terminating sessions with expired/revoked tokens before executing new
>> commands.
>
>> Token expiration is IMHO not a use case for a FATAL error, if we want to
>> terminate a connection we can do it in a more graceful way.
>
> There are different reasons for token expiration, one is a simple
> timeout where all we have to do is communicate to the client that we
> need a refresh (gracefully), and the other is where a token is
> immediately revoked because of a security incident, in which case
> immediate termination is a good practice.
I understand these cases and agree that there are different needs for messaging
to the user for these cases, but I still think that neither should overload
what FATAL error means. The mechanism used is however a secondary discussion,
first thing to get in place is a design for how to handle mid-connection
credential expiration.
--
Daniel Gustafsson
