Authentication

Authentication Configuration

Token Expiration Settings

You can define the expiration timeout of JSON Web Tokens (JWT) to limit the session duration. There are two types of tokens in the JWT authentication process.

Access Token: An access token is a credential that proves a user's or client's entitlement to reach specific resources. The server generates this token after successful user authentication or authorization. The access token is valid for a limited time, during which the client can use it to access the designated resources.

Refresh Token: A refresh token is used to renew an access token when it expires. For instance, this renewal might be necessary when a user logs out or when the access token has reached the end of its validity period. Unlike the access token, the refresh token remains valid for an extended duration and is primarily used for user authentication and authorization. By presenting the refresh token to the server, the user can obtain a fresh access token. This keeps user sessions uninterrupted and removes the need for frequent logins.

On the settings page, you can configure the timeout types and values of the access token and the refresh token separately.


Report Access Settings

Determines who can access the scan reports generated by a scan. Users can access scan reports without logging in, or you can force them to log in to see the reports.

