# Authentication

<figure><img src="/files/rPfvkuOCumqLmpf0zTAc" alt=""><figcaption><p>Authentication Configuration</p></figcaption></figure>

## Token Expiration Settings

You can define the expiration timeout of JSON Web Tokens (JWT) to limit the session duration. There are two types of tokens in the JWT authentication process.

**Access Token:** An access token is a credential that proves a user's or client's entitlement to reach specific resources. The server generates this token upon successful user authentication or authorization. The access token remains valid for a restricted duration, during which the client can use it to access the designated resources.

**Refresh Token:** A refresh token is used to renew an access token upon its expiration. For instance, this renewal might be necessary when a user logs out or when the access token has reached the end of its validity period. Unlike the access token, the refresh token remains valid for an extended duration and is primarily used for user authentication and authorization. By presenting the refresh token to the server, the user can obtain a fresh access token. This mechanism keeps user sessions uninterrupted, eliminating the need for frequent logins.

On the settings page, you can configure the timeout types and values of the Access Token and the Refresh Token separately.

<figure><img src="/files/WyRBluzUyBNsQTm8aYg6" alt=""><figcaption><p>Token Expiration Settings</p></figcaption></figure>

## Report Access Settings

This setting specifies whether the generated reports can be accessed only by authenticated users or also by unauthenticated users.

**Authenticated:** The term authenticated refers to users who have successfully completed the authentication process and are authorized to access the system.

**Unauthenticated:** The term unauthenticated refers to users who have not completed the authentication process and therefore do not have authorized access to the system.

<figure><img src="/files/PltcWawLH6MFzZSKN1CO" alt=""><figcaption><p>Report Access Settings</p></figcaption></figure>


