Token-Based Authentication Guidelines and Limitations

Learn how to implement JWT token-based authentication and its limitations.

When implementing token-based authentication, keep in mind the following guidelines and limitations.
- The access token lifetime is 24 hours. When it expires, a refresh token is used to fetch a new access token.
- The refresh token has a 30-day lifetime. When it expires, the user must reauthenticate and obtain a new access token and then a refresh token.
- The existing tokens become invalid in the following scenarios, and a user must reauthenticate and obtain a new access token:
  - Token expired.
  - Login-authentication method changed.
  - User account associated with the token deleted or blocked (local users only).
  - Changed user password (local users only).
  - Changed user role (local users only).
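As an added example (not code from the original page or the product it documents), the following Python shows how a server can enforce the lifetimes and invalidation scenarios above: HS256 tokens are issued with the 24-hour and 30-day lifetimes, and validation rejects expired tokens, deleted or blocked accounts, and tokens issued before the user's last password, role or login-method change. The demo key and the user-record fields `blocked` and `security_changed_at` are assumptions.

```python
import base64, hashlib, hmac, json

ACCESS_TTL = 24 * 3600            # access token lifetime: 24 hours
REFRESH_TTL = 30 * 24 * 3600      # refresh token lifetime: 30 days
SECRET = b"constructed-demo-key"  # constructed sample; keep the real key in a secret store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64d(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(username: str, use: str, now: int) -> str:
    """Issue an HS256 JWT; the lifetime depends on whether it is an access or refresh token."""
    ttl = ACCESS_TTL if use == "access" else REFRESH_TTL
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": username, "use": use, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate(token: str, users: dict, now: int):
    """Return (claims, None) if the token is still acceptable, else (None, reason)."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return None, "malformed"
    if json.loads(_b64d(head)).get("alg") != "HS256":   # never trust the header's alg choice
        return None, "unsupported alg"
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        return None, "bad signature"
    claims = json.loads(_b64d(body))
    if now >= claims["exp"]:                            # scenario: token expired
        return None, "token expired"
    user = users.get(claims["sub"])
    if user is None or user["blocked"]:                 # scenario: account deleted or blocked
        return None, "user deleted or blocked"
    # Scenarios: login method, password or role changed after issuance (record keeps last change time)
    if user["security_changed_at"] > claims["iat"]:
        return None, "credentials or role changed"
    return claims, None

def refresh(refresh_token: str, users: dict, now: int):
    """Exchange a valid refresh token for a new access token; an expired one forces reauthentication."""
    claims, reason = validate(refresh_token, users, now)
    if reason:
        return None, reason
    if claims["use"] != "refresh":
        return None, "not a refresh token"
    return mint(claims["sub"], "access", now), None
```

Timestamps are whole seconds here, so a change made in the same second as issuance is not caught; a production store should record change times with finer resolution or a monotonic version counter.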