Increased access token validity and fixed refresh token validation by bstanga · Pull Request #13

The markdown data discusses the common practice for token validity durations, suggesting that access tokens typically last between 15-60 minutes, while refresh tokens can last from 1-14 days. The shorter duration of access tokens is a security measure to limit potential damage if a token is compromised, while the longer duration of refresh tokens enhances user experience by reducing the need for frequent re-authentication.

For the specific use case mentioned, the recommendation is for an access token duration of 30 minutes and a refresh token duration of 7 days. This balance aims to optimize both security and usability. However, these durations can be adjusted based on specific security requirements or usage patterns.

Key takeaways

Common practice for token validity durations is 15-60 minutes for access tokens and 1-14 days for refresh tokens.
The shorter access token duration helps limit the window of opportunity if a token is compromised.
The longer refresh token duration provides a better user experience by reducing the frequency of re-authentication.
For specific use case, it is recommended to set access token to 30 minutes and refresh token to 7 days for a balance between security and usability.

Increased access token validity and fixed refresh token validation by bstanga · Pull Request #13 · presubmit/ebank-backend

Key takeaways

Discussion (0)