Adjusted jwt access token exp expiry value to 5 days from seven, also confirmed it works and an expired token loses access and adjusted the skew to 0

2021-11-12 18:10:39 +00:00
parent eba68efc19
commit 000b53ea1e
4 changed files with 24 additions and 6 deletions
--- a/docs/8.0/ayanova/docs/ops-config-jwt-secret.md
+++ b/docs/8.0/ayanova/docs/ops-config-jwt-secret.md
@@ -5,9 +5,9 @@ AyaNova uses JSON Web Tokens (JWT) for authentication.
 These time limited tokens are signed by the server using a secret key and issued to users when they log in to the AyaNova server.
 Every time the user makes a request to the server the JWT is sent along as well and verified to be valid.

-Tokens have a built in expiry mechanism of 7 days from issue to force users to re-login at periodic intervals.
+Tokens have a built in expiry mechanism of 5 days from issue.

-Users can be prevented from logging in even if they have a valid token by setting them to inactive.
+Users can be prevented from logging in or accessing the server by setting them inactive which takes effect immediately regardless of how many days are left on their current access token.

 All active tokens previously issued can be invalidated by changing this JWT Secret setting and restarting the server (or restarting the server and allowing it to choose a new secret value randomly if none is specified).