# Manage token expiration

Token expiration ensures authentication credentials remain valid for a limited time, reducing risks like unauthorized access and token misuse. Use `weka security token-expiry` commands to configure token lifetimes and maintain a secure, policy-aligned authentication environment.

### View existing token expiration settings <a href="#view-existing-token-expiration-settings" id="view-existing-token-expiration-settings"></a>

**Command:** `weka security token-expiry show`

This command displays the default and maximum expiration times for access and refresh tokens.

### Set token expiration <a href="#set-token-expiration" id="set-token-expiration"></a>

**Command:** `weka security token-expiry set`

This command allows you to define the default and maximum expiration times for both access and refresh tokens.

{% code overflow="wrap" %}

```
weka security token-expiry set [--access-token access-token] [--refresh-token refresh-token] [--access-token-max access-token-max] [--refresh-token-max refresh-token-max]
```

{% endcode %}

**Parameters**

<table><thead><tr><th width="227.93359375">Parameter</th><th>Description</th></tr></thead><tbody><tr><td><code>access-token</code></td><td>Default lifetime of an access token.<br>Possible values: 3s, 2h, 4m, 1d, 1d5h, 1w, infinite/unlimited</td></tr><tr><td><code>refresh-token</code></td><td>Default lifetime of a refresh token.<br>Possible values: 3s, 2h, 4m, 1d, 1d5h, 1w, infinite/unlimited</td></tr><tr><td><code>access-token-max</code></td><td>Maximum allowable lifetime for an access token.<br>Possible values: 3s, 2h, 4m, 1d, 1d5h, 1w, infinite/unlimited</td></tr><tr><td><code>refresh-token-max</code></td><td>Maximum allowable lifetime for a refresh token.<br>Possible values: 3s, 2h, 4m, 1d, 1d5h, 1w, infinite/unlimited</td></tr></tbody></table>

**Examples:**

* To set the default access token lifetime to 5 minutes and refresh token lifetime to 2 weeks:

```
weka security token-expiry set --access-token 5m --refresh-token 2w
```

* To enforce stricter maximum values for token lifetimes:

```
weka security token-expiry set --access-token-max 5m --refresh-token-max 2w
```

### Recommendations for token expiration <a href="#recommendations-for-token-expiration" id="recommendations-for-token-expiration"></a>

#### **Access tokens**

* **Default lifetime**: Set to 5 minutes.
* **Maximum lifetime**: Enforce a maximum of 5 minutes.
* **Reason**: Shorter lifetimes reduce exposure to risks from stale tokens and ensure permissions are frequently reevaluated.

#### **Refresh tokens**

* **Default Lifetime**: Set to 2 weeks.
* **Maximum Lifetime**: Enforce a maximum of 2 weeks.
* **Reason**: This balance minimizes reauthentication burdens while ensuring periodic user validation.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.weka.io/security/manage-token-expiration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.