Increasing authentication token length and changing expiry time


I’m using the REST API for user authentication, and I have a security requirement for longer authentication tokens (>256 chars as opposed to the RC default, which is 44 chars). Any way to configure this, or if I need to make a code change, which modules should I be looking at?

Aside from that, is there a way to set a shorter expiry on the authentication tokens, e.g. 8 hours? From the administration panel, the minimum seems to be 1 day.

Server Setup Information

  • Version of Rocket.Chat Server: 3.9.3
  • Operating System: Ubuntu 20.04
  • Deployment Method: Docker-Compose
  • Number of Running Instances: 1

The point of a refresh token is to make sure that if someone gets your access token, they can only abuse it for about an hour before it expires.