
Increased access token validity and fixed refresh token validation by bstanga · Pull Request #13 · presubmit/ebank-backend

Nov 22, 2024 - github.com
The page discusses common practice for token validity durations: access tokens typically last 15-60 minutes, while refresh tokens can last 1-14 days. The shorter access token lifetime is a security measure that limits potential damage if a token is compromised, while the longer refresh token lifetime improves user experience by reducing the need for frequent re-authentication.

For the specific use case mentioned, the recommendation is for an access token duration of 30 minutes and a refresh token duration of 7 days. This balance aims to optimize both security and usability. However, these durations can be adjusted based on specific security requirements or usage patterns.

Key takeaways:

  • Common practice for token validity durations is 15-60 minutes for access tokens and 1-14 days for refresh tokens.
  • The shorter access token duration helps limit the window of opportunity if a token is compromised.
  • The longer refresh token duration provides a better user experience by reducing the frequency of re-authentication.
  • For the specific use case, the recommendation is to set the access token to 30 minutes and the refresh token to 7 days for a balance between security and usability.
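
The lifetimes recommended above, as an added example that is not code from the pull request: a minimal HMAC-signed token carrying a type and an expiry, with validation that rejects expired tokens and refresh tokens presented as access tokens. The token format, the key and the function names (`issue`, `validate`, `refresh`, `outcome`) are assumptions for illustration; the page does not show the project's own implementation.

```python
import base64, hashlib, hmac, json

ACCESS_TTL = 30 * 60              # 30 minutes, the access token lifetime recommended above
REFRESH_TTL = 7 * 24 * 3600       # 7 days, the refresh token lifetime recommended above
SECRET = b"constructed-demo-key"  # constructed placeholder; load from a secret store in practice

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue(subject: str, kind: str, now: float) -> str:
    """Return a signed token of kind 'access' or 'refresh' issued at `now`."""
    ttl = {"access": ACCESS_TTL, "refresh": REFRESH_TTL}[kind]
    claims = {"sub": subject, "typ": kind, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{body}.{_sign(body)}"

def validate(token: str, expected_kind: str, now: float) -> dict:
    """Check signature first, then token kind, then expiry; raise ValueError on failure."""
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("typ") != expected_kind:   # a refresh token must never pass as an access token
        raise ValueError("wrong token type")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def refresh(refresh_token: str, now: float) -> str:
    """Exchange a still-valid refresh token for a new 30-minute access token."""
    claims = validate(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", now)

def outcome(token: str, kind: str, now: float) -> str:
    """Return 'ok' or the rejection reason, for easy inspection."""
    try:
        validate(token, kind, now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Passing `now` explicitly keeps the expiry logic testable; a service would supply `time.time()` at the call site.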