Hi @julianvickers,
Thank you for the message. That would be considered very bad security practice. Indeed, in the upcoming AAM 5.9.2 release I’m even making all JWT tokens “revocable”. This means that any issued JWT token will be tracked and can be revoked on demand.
If you need to keep your token for a longer time, just put in some really big number, but I would strongly discourage doing so.
Regards,
Vasyl
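The "tracked and revocable" idea from the reply above, as an added example that is not part of the original thread and is not AAM's code: an HS256 token carries `exp` and a `jti`, and the server accepts it only while that `jti` is still in its tracking table. The in-memory table, the key and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
ISSUED = {}                       # jti -> exp; assumed server-side tracking table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue(user, ttl, now=None):
    """Issue an HS256 JWT with an exp claim and a tracked jti."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + ttl, "jti": secrets.token_hex(16)}
    ISSUED[claims["jti"]] = claims["exp"]
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def revoke(jti):
    """Revoke on demand: forget the jti so later verification fails."""
    ISSUED.pop(jti, None)

def verify(token, now=None):
    """Return the claims, or None if forged, expired or revoked."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Check the signature first, in constant time, before trusting any field.
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    # A far-future exp alone is not enough: the jti must still be tracked.
    if claims.get("exp", 0) <= now or claims.get("jti") not in ISSUED:
        return None
    return claims
```

With tracking in place, a token issued with a very large `ttl` still stops working the moment its `jti` is revoked, for example when a device is lost.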
Thank you for your reply Vasyl.
I can appreciate the security concern here. I guess I may have to find another way to do what I need. The reason behind the need for “no expiry” is that I’m connecting a mobile application to the backend of the site that uses WP authentication to sync files for safety/emergency plans that have to be accessed quickly… so forcing a login is not ideal under those circumstances.
I’m sure there is a way to do what I need… I’ll go back to the drawing board.
Again, thank you!