Manage token expiration

Token expiration ensures authentication credentials remain valid for a limited time, reducing risks like unauthorized access and token misuse. Use weka security token-expiry commands to configure token lifetimes and maintain a secure, policy-aligned authentication environment.

View existing token expiration settings

Command: weka security token-expiry show

This command displays the default and maximum expiration times for access and refresh tokens.

Set token expiration

Command: weka security token-expiry set

This command allows you to define the default and maximum expiration times for both access and refresh tokens.

weka security token-expiry set [--access-token access-token] [--refresh-token refresh-token] [--access-token-max access-token-max] [--refresh-token-max refresh-token-max]

Parameters

Examples:

• To set the default access token lifetime to 5 minutes and refresh token lifetime to 2 weeks:

weka security token-expiry set --access-token 5m --refresh-token 2w

• To enforce stricter maximum values for token lifetimes:

Recommendations for token expiration

Access tokens

• Default lifetime: Set to 5 minutes.

• Maximum lifetime: Enforce a maximum of 5 minutes.

• Reason: Shorter lifetimes reduce exposure to risks from stale tokens and ensure permissions are frequently reevaluated.

Refresh tokens

• Default Lifetime: Set to 2 weeks.

• Maximum Lifetime: Enforce a maximum of 2 weeks.

• Reason: This balance minimizes reauthentication burdens while ensuring periodic user validation.