Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the max expiration time accepted by JWT tokens

Tags:

jwt

I want to know what is the max value I can set of the JWT token expiration.

Thanks!

like image 803
Josecanalla Avatar asked Apr 24 '17 17:04

Josecanalla


1 Answers

There is no rule about the expiration time. It mainly depends on the context where the token is used.

RFC7519 section 4:

The set of claims that a JWT must contain to be considered valid is context dependent and is outside the scope of this specification.

Thus you can consider that for critical processes, a short lifetime may be needed (only few seconds or minutes). For trivial contexts, one month lifetime, one year or even a token without expiration time could be acceptable.

like image 153
Spomky-Labs Avatar answered Nov 15 '22 23:11

Spomky-Labs