FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Unable to set Access_Token to expiring based on the Application settings

    Scheduled Pinned Locked Moved
    Comments & Feedback
    0
    3
    4.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      amyers
      last edited by

      For testing purposes I set the JWT Duration of the Application to 30 seconds and the Refresh Token Duration to 1 minute. When I logged in with the user of this application, I see that in the user Session the Expiration date is one hour ahead of Last Accessed instead of one minute ahead. After logging in with the user, I wait after the minute and the access_token is still alive. Only after the hour is up does the access token expire. So I'm confused how to set the access token expiration time.

      Here are some additional settings of the Application that may affect the expiration timeout:

      Steps to Duplicate:

      • Use the default Tenant
      • Create Application with these settings:
        Application Settings:
        Name: dotnetcore
        Tenant: Default
        Login API configuration
        Require an API key: Yes
        Generate Refresh Tokens: No
        Enable JWT refresh: Yes
        Passwordless login Enabled: No
        Authentication tokens Enabled: No
        JWT Enabled: Yes
        JWT time to live in seconds: 30
        Refresh Token time to live in minutes: 1
        Refresh Token expiration: Fixed. The expiration is calculated when the token is first created.
        Refresh Token usage: Reusable. The value does not change after it has been created.
        OAuth configuration
        Require authentication: Yes
        Generate Refresh Tokens: No
        Logout behavior: All applications
        Enabled grants: Authorization Code
      1 Reply Last reply Reply Quote 0
      • A
        amyers
        last edited by

        Looking more into it, I found that the Tenant Session Timeout is what is shown for the User Session Expiration. I was not aware of the Tenant Session Timeout. In one of the Applications the Tenant Session Timeout was the same as the Application JWT Timeout. So I had believed that the Session Expiration was the JWT (Access Token) Timeout. Would be nice to see somewhere with the User when the Access Token would expire since Access Token (JWT Timeout) can be a different timeout as the Tenant Session Timeout.

        1 Reply Last reply Reply Quote 0
        • danD
          dan
          last edited by

          @amyers I'm not quite sure what you are suggesting. Are you saying that you'd like information on the user view (in the admin UI) about when a JWT created on login would expire? Or do I misunderstand you?

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          1 Reply Last reply Reply Quote 0
          • First post
            Last post