Developer forum

Forum » Development » Token lifecycle /dwapi/users/authenticate

Token lifecycle /dwapi/users/authenticate

E-mail notifications
Martin Moen
Reply
Posted on 12/12/2021 10:53:25

A) What is the expiry length for the token returned in /dwapi/users/authenticate?
B) Can the expiry length be changed?


Replies

 
Nicolai Pedersen
Posted on 12/12/2021 13:09:08
Reply
This post has been marked as an answer

1800 seconds, 30 minutes.

Currently that is not configurable.

What is your requirements - then we can have a look at adding the option to change the expiration and maybe supply refresh tokens with longer validation.

BR Nicolai

Votes for this answer: 1
 
Martin Moen
Posted on 12/12/2021 13:22:47
Reply

Okay, thank you for the info.
Would be perfect if that was documented in Swagger too.

Maybe there should have been en option to set custom expiry in the /dwapi/users/authenticate/refresh call?

 
Nicolai Pedersen
Posted on 12/12/2021 13:54:11
Reply

Good point.

I have udpated the documentation and added an overload to set expirationInSeconds=1800 with a default of 1800 and a maks of 86400 = 1 day. It will have to go through code and security review first. expirationInSeconds will also be on the /refresh

 
Martin Moen
Posted on 12/12/2021 14:08:36
Reply

Sounds good!
Might be security implications, so please look into it. But would be great to be able to set custom expirationInSeconds.

 

You must be logged in to post in the forum