Feature Request
Resolution: Done
1. Proposed title of this feature request
>> User should be able to configure the absolute maximum time-limit that the cluster allows.
With oc create token <service-account>, there is no upper time limit on how long the token handed out can be valid.
2. What is the nature and description of the request?
>> Customer wants the token lifetime to be limited to a maximum age. Also, he does not want to allow a user to set a token timeout of 132 years (2^32 seconds).
-----------------------
$ oc create token --help | grep -A3 duration
--duration=0s:
Requested lifetime of the issued token. The server may return a token with a longer or shorter lifetime.
-----------------------
[user@bastion ~]$ oc create token -n test-project testsa --duration 100000000m
error: failed to create token: TokenRequest.authentication.k8s.io "" is invalid: spec.expirationSeconds: Invalid value: 6000000000: may not specify a duration larger than 2^32 seconds
-----------------------
3. Why does the customer need this? (List the business requirements here)
Users can get tokens that have no limit in time. Customer wants to be able to set a maximum time for a token so that it can't be abused to create extremely long-lived tokens.
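
Because the help text above says the server may return a token with a longer or shorter lifetime than requested, the lifetime actually granted can be read from the token's own iat and exp claims. The following is an added example, not part of the original request or of OpenShift; the 24-hour policy maximum, the function names and the sample tokens are constructed assumptions.

```python
import base64
import json

POLICY_MAX_SECONDS = 24 * 3600  # assumed policy maximum, not a cluster default


def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample(iat, lifetime):
    """Build a constructed, unsigned sample token for the audit below."""
    claims = {"sub": "system:serviceaccount:test-project:testsa", "iat": iat}
    if lifetime is not None:
        claims["exp"] = iat + lifetime
    return f"{_b64url({'alg': 'none'})}.{_b64url(claims)}.sig"


def token_lifetime(token: str) -> int:
    """Return exp - iat in seconds. Reads claims only; verifies no signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict) or "exp" not in claims or "iat" not in claims:
        raise ValueError("no exp/iat claim: treat as non-expiring")
    return int(claims["exp"]) - int(claims["iat"])


def audit(tokens: dict, max_seconds: int = POLICY_MAX_SECONDS) -> list:
    """Return (name, lifetime, reason) for every token that breaks the policy."""
    findings = []
    for name, tok in tokens.items():
        try:
            life = token_lifetime(tok)
        except ValueError as err:  # malformed token or missing claims
            findings.append((name, None, str(err)))
            continue
        if life > max_seconds:
            findings.append((name, life, "exceeds policy maximum"))
    return findings


# Constructed sample input: one compliant token, one year-long, one without exp.
SAMPLE_TOKENS = {
    "one-hour": make_sample(1700000000, 3600),
    "one-year": make_sample(1700000000, 365 * 24 * 3600),
    "no-exp": make_sample(1700000000, None),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_TOKENS):
        print(finding)
```
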