Token-Based Authentication
Limitations
Note the following limitations for implementing token-based authentication:
- The access token lifetime is 24 hours. When it expires, a refresh token is used to fetch a new access token.
- The refresh token has a 30-day lifetime. When it expires, the user must reauthenticate and obtain a new access token and then a refresh token.
- The existing tokens become invalid in the following scenarios, and a user must reauthenticate and obtain a new access token.
  - Token expired.
  - Login-authentication method changed.
  - User account associated with the token deleted or blocked (local users only).
  - Changed user password (local users only).
  - Changed user role (local users only).
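
The following client-side sketch shows how the lifetimes and invalidation scenarios above translate into token handling. It is an added example, not code from the product or its documentation. The `login` and `refresh` callables, the `TokenRejected` exception, and the assumption that a refresh returns only a new access token are all hypothetical.

```python
import time

ACCESS_TTL = 24 * 3600        # access token lifetime given on the page
REFRESH_TTL = 30 * 24 * 3600  # refresh token lifetime given on the page

class TokenRejected(Exception):
    """Hypothetical error a transport raises when the server refuses a token."""

class TokenSession:
    """login() -> (access, refresh); refresh(refresh_token) -> access. Both are
    assumed callables supplied by the caller, not a real product API."""

    def __init__(self, login, refresh, clock=time.time):
        self._login, self._refresh, self._clock = login, refresh, clock
        self.access = self.refresh_token = None
        self.access_issued = self.refresh_issued = 0.0
        self.events = []  # audit trail of how each token was obtained

    def _reauthenticate(self):
        # Full login: the only path once the refresh token is expired or revoked.
        self.access, self.refresh_token = self._login()
        self.access_issued = self.refresh_issued = self._clock()
        self.events.append("login")

    def _renew(self):
        now = self._clock()
        if self.refresh_token is None or now - self.refresh_issued >= REFRESH_TTL:
            return self._reauthenticate()
        try:
            self.access = self._refresh(self.refresh_token)
            self.access_issued = now
            self.events.append("refresh")
        except TokenRejected:
            self._reauthenticate()  # refresh token was invalidated server-side

    def call(self, request):
        """Run request(access_token), renewing or reauthenticating as needed."""
        if self.access is None or self._clock() - self.access_issued >= ACCESS_TTL:
            self._renew()
        try:
            return request(self.access)
        except TokenRejected:
            # An unexpired token was refused, which matches the invalidation
            # scenarios listed above (password, role or login method changed,
            # account blocked or deleted). The page requires reauthentication
            # here, so log in again and retry once.
            self._reauthenticate()
            return request(self.access)
```

The `events` list makes the distinction visible in logs: a `login` entry that appears well inside the 24-hour window means the server invalidated the token early rather than the token aging out.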