You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the expiration time for JWT tokens is hardcoded to 7 days in the code. To enhance security measures, it is recommended to allow specifying the expiration time in minutes or hours dynamically.
public String createToken(final Principal principal, final List<Permission> permissions, final IdentityProvider identityProvider) {
final Date today = new Date();
final JwtBuilder jwtBuilder = Jwts.builder();
jwtBuilder.setSubject(principal.getName());
jwtBuilder.setIssuer(ISSUER);
jwtBuilder.setIssuedAt(today);
jwtBuilder.setExpiration(addDays(today, 7)); // Hardcoded expiration time
// ... (additional code)
// Request: Allow dynamic setting of token expiration time (in minutes or hours)
}
Please consider implementing this enhancement for better flexibility and security in managing JWT token expiration times. Feel free to reach out if further clarification.
Feel free to add specific implementation approaches in the comments, and I will try to create a PR by myself as soon as possible.
Best
DoPaNik
The text was updated successfully, but these errors were encountered:
Currently, the expiration time for JWT tokens is hardcoded to 7 days in the code. To enhance security measures, it is recommended to allow specifying the expiration time in minutes or hours dynamically.
Please consider implementing this enhancement for better flexibility and security in managing JWT token expiration times. Feel free to reach out if further clarification.
Feel free to add specific implementation approaches in the comments, and I will try to create a PR by myself as soon as possible.
Best
DoPaNik
The text was updated successfully, but these errors were encountered: