Hi, I saw how to configure JWT expiration in Strapi docs, but it has only days, hours, and seconds to configure expiration.
How do I set JWT expiration to years ?
Never mind, I just had to put y as year. This is how I set the JWT expiration for 5 years.
If I login and get the JWT, then decode it to jwt.io, it will show that the token expires in 5 years :
Perhaps, this is not recommended in terms of security perspective. However, I needed to do this for particular purpose.
Note for Strapi v4 users :
use the config/plugin.js to update the expiration time.
From Fix JWT using wrong file and structure by derrickmehaffy · Pull Request #649 · strapi/documentation · GitHub
module.exports = ({ env }) => ({
///...other plugis
'users-permissions': {
config: {
jwt: {
expiresIn: '1y',
},
},
},
});
1 Like
I would like to remind everyone reading this:
WE STRONGLY DISCOURAGE YOU FROM DOING THIS!
In Strapi v4 we introduced API Tokens and are currently working on API Tokens v2 with RBAC capabilities that should fit the need of most users instead of extending the expiration of a JWT.
Once a JWT is issued, YOU CANNOT revoke it without changing the JWT secrets which will revoke all JWTs issued and requires a server restart.
Please do not do this.
This is exactly what I needed! I set my jwt to expire in 3h. That seems reasonable for my app.
I put this same setting that the solution suggested, but the expiration time hasn’t changed yet. It persists for 1 month, any idea why this is happening?
module.exports = ({ env }) => ({
upload: {
config: {
provider: "string",
providerOptions: {
baseUrl: `string`,
rootPath: env("string") ?? "",
s3Options: {
accessKeyId: env("string"),
secretAccessKey: env("string"),
region: env("string"),
params: {
ACL: env("string"),
signedUrlExpires: env("string", 15 * 60),
Bucket: env("string"),
},
},
},
actionOptions: {
upload: {},
uploadStream: {},
delete: {},
},
},
},
'users-permissions': {
config: {
jwt: {
expiresIn: '1d',
},
},
},
});