JWT 令牌接受的最长过期时间是多少 [英] What is the max expiration time accepted by JWT tokens

问题描述

我想知道我可以设置的 JWT 令牌过期的最大值是多少.

I want to know what is the max value I can set of the JWT token expiration.

谢谢！

推荐答案

过期时间没有规定.主要取决于使用token的上下文.

There is no rule about the expiration time. It mainly depends on the context where the token is used.

RFC7519 第 4 节:

JWT 必须包含才能被视为有效的声明集取决于上下文，并且超出了本规范的范围.

The set of claims that a JWT must contain to be considered valid is context dependent and is outside the scope of this specification.

因此，您可以考虑，对于关键进程，可能需要较短的生命周期(仅几秒或几分钟).对于琐碎的上下文，一个月的生命周期，一年甚至一个没有过期时间的令牌都是可以接受的.

Thus you can consider that for critical processes, a short lifetime may be needed (only few seconds or minutes). For trivial contexts, one month lifetime, one year or even a token without expiration time could be acceptable.

这篇关于JWT 令牌接受的最长过期时间是多少的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！