JWT Token Options

Token Settings

| Setting | Default | Options | Description |
| --- | --- | --- | --- |
| Refresh Token Lifetime | 0 | any non-zero value | Recommendation: keep the refresh token lifetime long, ideally 3 months or more. |
| Refresh Token Unit | never | never, days, or months | If the value is never, the refresh token never expires. |
| Access Token Lifetime | 12 | any non-zero value | Recommendation: keep the access token lifetime short. |
| Access Token Unit | hours | minutes, hours, days | Recommendation: keep the access token lifetime short. |
| Access Token Type | jwt | jwt, opaque | Currently we only allow use of JWT-based access tokens. |
| Signing Algorithm | RSA Signature with SHA-256 | RSA Signature with SHA-256, ECDSA using P-256 | Signing algorithm for the JWT-based access token. The refresh token is an opaque string, so no signing is required. |
| Allowed claims | roles | openid, profile, email, phone, address, orgs, permissions, roles | List of claims allowed to be included in the issued access token. |
Important:
  • In Axioms, access tokens are JWT-based and signed with the tenant's signing algorithm. Axioms allows only one signing algorithm per tenant to support federation.
  • Multiple resources (APIs) registered in a tenant can use the same access token as long as the token's audience value includes the resource identifier or resource endpoint.
  • Refresh tokens are opaque and generally long-lived. Refresh tokens can be revoked by the user at any time from their hosted profile page.

JWT Token Options

Navigate to Tenant and then find the JWT Token Options panel under the Tenant Settings tab. Change the JWT token options and click Update Details.

Manage JWT Token Options