Token Expiration Settings

You can define the expiration timeout of JSON Web Tokens (JWT) to limit the session duration. There are two types of tokens in the JWT authentication process.

Access Token: An access token is a credential that proves a user's or client's entitlement to reach specific resources. The server generates this token upon successful user authentication or authorization. The access token remains valid for a limited time, during which the client can use it to access the designated resources.

Refresh Token: A refresh token is used to renew an access token after it expires. For instance, this renewal might be necessary when a user logs out or when the access token has reached the end of its validity period. Unlike the access token, the refresh token remains valid for an extended duration and is primarily used for user authentication and authorization. By presenting the refresh token to the server, the user can obtain a fresh access token. This mechanism keeps user sessions uninterrupted, eliminating the need for frequent logins.

Configuring the JWT Token Expiration

You can navigate to this page by clicking the Settings button on the Account image in the upper right corner.

On the settings page, you can configure the timeout types and values of the Access Token and Refresh Token separately.
