我想知道我可以设置的 JWT 令牌过期的最大值是多少.
I want to know what is the max value I can set of the JWT token expiration.
谢谢!
推荐答案过期时间没有规定.主要取决于使用token的上下文.
There is no rule about the expiration time. It mainly depends on the context where the token is used.
RFC7519 第 4 节:
JWT 必须包含才能被视为有效的声明集取决于上下文,并且超出了本规范的范围.
The set of claims that a JWT must contain to be considered valid is context dependent and is outside the scope of this specification.
因此,您可以考虑,对于关键进程,可能需要较短的生命周期(仅几秒或几分钟).对于琐碎的上下文,一个月的生命周期,一年甚至一个没有过期时间的令牌都是可以接受的.
Thus you can consider that for critical processes, a short lifetime may be needed (only few seconds or minutes). For trivial contexts, one month lifetime, one year or even a token without expiration time could be acceptable.
更多推荐
JWT 令牌接受的最长过期时间是多少
发布评论