For a while I have used JSON Web Tokens (JWT) to handle the entire authentication process of most systems I work on in Node.js.
But today, while developing one of my personal projects, I took a look at the token verification process, came across this expiresIn, and was left with some doubts:
- If I want to set the maximum expiration time, are there risks to system security?
- Is there a certain "default" time for the expiration of tokens?
Example of signing a JWT:

    const token = jwt.sign({ id: user.result[0].id }, authConfig.secret, {
      expiresIn: 86400, // a numeric value is in seconds: 86400 s = 24 h
    });

Well, I’ve been researching inside the library documentation and nothing answered exactly what I’d like to know.
If you are only putting the user ID in the JWT, why not simply use a session on the back end?
– Luiz Felipe
Because it is an API, the authentication token is required. Not counting the security factors.
– Victor Hugo
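
How an expiresIn value like the one in the question becomes the token's `exp` claim and is enforced at verification, as an added example that is not part of the original post or of the library used there. It builds HS256 tokens with Node's built-in crypto, and the function names, secret and timestamps are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// expiresInSec is relative; the token stores absolute times (iat, exp).
function signToken(payload, secret, expiresInSec, nowSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { ...payload, iat: nowSec, exp: nowSec + expiresInSec };
  const body = b64url(JSON.stringify(claims));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

function verifyToken(token, secret, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, body, sig] = parts;
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  // RFC 7519: reject on or after exp; a token without exp is rejected too.
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// A token whose exp is edited after signing no longer matches its signature.
function extendExpiry(token, extraSec) {
  const [h, b, s] = token.split('.');
  const claims = JSON.parse(Buffer.from(b, 'base64url').toString('utf8'));
  claims.exp += extraSec;
  return `${h}.${b64url(JSON.stringify(claims))}.${s}`;
}

// Constructed sample values (not from the original post).
const SECRET = 'example-secret-for-demo-only';
const T0 = 1700000000; // fixed "now" in seconds, so results are reproducible
const demoToken = signToken({ id: 42 }, SECRET, 86400, T0);

function demo() {
  return {
    fresh: verifyToken(demoToken, SECRET, T0 + 3600).ok,
    atExpiry: verifyToken(demoToken, SECRET, T0 + 86400).reason,
    extended: verifyToken(extendExpiry(demoToken, 86400), SECRET, T0 + 86400).reason,
  };
}
console.log(demo());
```

Until `exp` passes, the token verifies for anyone who holds it, so the chosen lifetime is also how long a leaked token stays usable.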