Looking more into it, I found that the Tenant Session Timeout is what is shown for the User Session Expiration. I was not aware of the Tenant Session Timeout. In one of the Applications the Tenant Session Timeout was the same as the Application JWT Timeout. So I had believed that the Session Expiration was the JWT (Access Token) Timeout. Would be nice to see somewhere with the User when the Access Token would expire since Access Token (JWT Timeout) can be a different timeout as the Tenant Session Timeout.
A
Latest posts made by amyers
-
RE: Unable to set Access_Token to expiring based on the Application settings
-
Unable to set Access_Token to expiring based on the Application settings
For testing purposes I set the JWT Duration of the Application to 30 seconds and the Refresh Token Duration to 1 minute. When I logged in with the user of this application, I see that in the user Session the Expiration date is one hour ahead of Last Accessed instead of one minute ahead. After logging in with the user, I wait after the minute and the access_token is still alive. Only after the hour is up does the access token expire. So I'm confused how to set the access token expiration time.
Here are some additional settings of the Application that may affect the expiration timeout:
Steps to Duplicate:
- Use the default Tenant
- Create Application with these settings:
Application Settings:
Name: dotnetcore
Tenant: Default
Login API configuration
Require an API key: Yes
Generate Refresh Tokens: No
Enable JWT refresh: Yes
Passwordless login Enabled: No
Authentication tokens Enabled: No
JWT Enabled: Yes
JWT time to live in seconds: 30
Refresh Token time to live in minutes: 1
Refresh Token expiration: Fixed. The expiration is calculated when the token is first created.
Refresh Token usage: Reusable. The value does not change after it has been created.
OAuth configuration
Require authentication: Yes
Generate Refresh Tokens: No
Logout behavior: All applications
Enabled grants: Authorization Code