• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Unable to set Access_Token to expiring based on the Application settings

Scheduled Pinned Locked Moved
Comments & Feedback
0
3
4.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    amyers
    last edited by 29 Mar 2021, 18:00

    For testing purposes I set the JWT Duration of the Application to 30 seconds and the Refresh Token Duration to 1 minute. When I logged in with the user of this application, I see that in the user Session the Expiration date is one hour ahead of Last Accessed instead of one minute ahead. After logging in with the user, I wait after the minute and the access_token is still alive. Only after the hour is up does the access token expire. So I'm confused how to set the access token expiration time.

    Here are some additional settings of the Application that may affect the expiration timeout:

    Steps to Duplicate:

    • Use the default Tenant
    • Create Application with these settings:
      Application Settings:
      Name: dotnetcore
      Tenant: Default
      Login API configuration
      Require an API key: Yes
      Generate Refresh Tokens: No
      Enable JWT refresh: Yes
      Passwordless login Enabled: No
      Authentication tokens Enabled: No
      JWT Enabled: Yes
      JWT time to live in seconds: 30
      Refresh Token time to live in minutes: 1
      Refresh Token expiration: Fixed. The expiration is calculated when the token is first created.
      Refresh Token usage: Reusable. The value does not change after it has been created.
      OAuth configuration
      Require authentication: Yes
      Generate Refresh Tokens: No
      Logout behavior: All applications
      Enabled grants: Authorization Code
    1 Reply Last reply Reply Quote 0
    • A
      amyers
      last edited by 30 Mar 2021, 13:51

      Looking more into it, I found that the Tenant Session Timeout is what is shown for the User Session Expiration. I was not aware of the Tenant Session Timeout. In one of the Applications the Tenant Session Timeout was the same as the Application JWT Timeout. So I had believed that the Session Expiration was the JWT (Access Token) Timeout. Would be nice to see somewhere with the User when the Access Token would expire since Access Token (JWT Timeout) can be a different timeout as the Tenant Session Timeout.

      1 Reply Last reply Reply Quote 0
      • D
        dan
        last edited by 5 Apr 2021, 17:59

        @amyers I'm not quite sure what you are suggesting. Are you saying that you'd like information on the user view (in the admin UI) about when a JWT created on login would expire? Or do I misunderstand you?

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post