Login and Logout Settings

Summary:

| Parameter | Duration |
| --- | --- |
| Inactivity Timeout | 6 hours |
| Require Login after | 24 hours |
| Absolute Lifetime (Rotation Token) | 24 hours |
| Inactive Lifetime (Rotation Token) | 1 hour |
| Inactive Lifetime (Refresh Token) | 6 hours (21600 seconds) |
| Inactive Lifetime (ID Token) | 1800 seconds |
| Inactive Lifetime (Access Token) | 7200 seconds |

Login-Logout Configuration:

  1. Users will be asked to log in again unless they are active within a 6-hour period.
  2. Regardless of activity, users must log in again after 24 hours.

Zluri has also enabled the rotation token, which has a different configuration.

Token Configuration:

  1. The absolute lifetime of the rotation token is set as 24 hours.
  2. The inactive lifetime of the rotation token is set as 1 hour.
  3. If the rotation token is invalid, the app will try to silently authenticate again; silent authentication has its inactivity set to 6 hours.
  4. The inactive lifetime of the refresh token is set as 6 hours.
  5. The inactive lifetime of the ID token is set as 1800 seconds.
  6. The inactive lifetime of the access token is set as 7200 seconds.

Inactivity Lifetime:

  1. The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.
  2. This prevents long-lived unused tokens from posing a security threat.

Absolute Lifetime:

  1. The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token. 
  2. This is not dependent on the user activity.
  3. This ensures that even if the token is unused, it will eventually expire.
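
Worked example (added here, not Zluri's code): a simplified model of how the inactivity and absolute limits in the summary table interact across one user's requests. It assumes that a limit is reached when the elapsed time is equal to or greater than the configured value, that the user logs in immediately when prompted, and that silent authentication starts a new rotation-token chain; the ID and access token lifetimes are not modelled, and all names are hypothetical.

```python
from dataclasses import dataclass

HOUR = 3600
# Durations taken from the summary table on this page.
SESSION_INACTIVITY = 6 * HOUR     # Inactivity Timeout
REQUIRE_LOGIN_AFTER = 24 * HOUR   # Require Login after
ROTATION_ABSOLUTE = 24 * HOUR     # Absolute Lifetime (Rotation Token)
ROTATION_INACTIVE = 1 * HOUR      # Inactive Lifetime (Rotation Token)


@dataclass
class Session:
    login_at: int        # last interactive login
    last_activity: int   # last request seen for this session
    chain_start: int     # start of the current rotation-token chain
    token_issued: int    # issue time of the current rotation token


def handle_request(s: Session, now: int) -> str:
    """Classify one request and update the session state (assumed model)."""
    idle = now - s.last_activity
    # Session limits apply first, whatever state the tokens are in.
    if now - s.login_at >= REQUIRE_LOGIN_AFTER or idle >= SESSION_INACTIVITY:
        # Assumption: the user logs in again straight away.
        s.login_at = s.last_activity = s.chain_start = s.token_issued = now
        return "login_required"
    s.last_activity = now
    rotation_ok = (now - s.token_issued < ROTATION_INACTIVE
                   and now - s.chain_start < ROTATION_ABSOLUTE)
    if rotation_ok:
        s.token_issued = now  # the used token is exchanged for a new one
        return "rotated"
    # Rotation token invalid: the session is still live, so the app can
    # silently authenticate. Assumption: this starts a new token chain.
    s.chain_start = s.token_issued = now
    return "silent_auth"


def simulate_hours(hours):
    """Run a constructed timeline (hours since login at t=0)."""
    s = Session(0, 0, 0, 0)
    return [handle_request(s, int(h * HOUR)) for h in hours]


if __name__ == "__main__":
    timeline = [0.5, 1, 3, 3.5, 10, 10.5, 15.5, 20.5, 25.5, 30.5, 35.5]
    for h, outcome in zip(timeline, simulate_hours(timeline)):
        print(f"t={h:>5}h  {outcome}")
```

In the constructed timeline, the request at 10 hours is rejected by the 6-hour inactivity rule, while the one at 35.5 hours is rejected by the 24-hour rule even though the user was never idle for 6 hours after logging in again.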