I want to know what is the max value I can set of the JWT token expiration.
Thanks!
There is no rule about the expiration time. It mainly depends on the context where the token is used.
RFC7519 section 4:
The set of claims that a JWT must contain to be considered valid is context dependent and is outside the scope of this specification.
Thus you can consider that for critical processes, a short lifetime may be needed (only few seconds or minutes). For trivial contexts, one month lifetime, one year or even a token without expiration time could be acceptable.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With