Increasing authentication token length and changing expiry time

visvamba · January 26, 2021, 9:39am

Description

I’m using the REST API for user authentication, and I have a security requirement for longer authentication tokens (>256 chars as opposed to RC default which 44 chars). Any way to configure this, or if I need to make a code change, which modules should I be looking at?

Aside from that, is there a way to set a shorter expiry on the authentication tokens, e.g. 8 hours? From the administration panel, the minimum seems to be 1 day.

Server Setup Information

Version of Rocket.Chat Server: 3.9.3
Operating System: Ubuntu 20.04
Deployment Method: Docker-Compose
Number of Running Instances: 1

beenmeckel · February 15, 2021, 9:57pm

The point of a refresh token is to make sure that if someone gets your access token, they can only abuse it for about an hour before it expires.

Topic		Replies	Views
Auth token refresh rate? Community Support	2	766	July 22, 2022
Invalidate REST API token Community Support	0	1216	June 3, 2020
Login Expiration Community Support rocketchat-apps	1	71	July 28, 2024
App login expires Community Support	1	1511	August 25, 2021
'Token expired' while resetting password Community Support	2	1409	January 21, 2023

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

Increasing authentication token length and changing expiry time

Description

Server Setup Information

Related topics