Commit

RDTKF-22372 clarified session timeout
OutSystemsAMM authored Jan 23, 2025
1 parent f285468 commit 25654ed
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -83,6 +83,6 @@ If the token validation is successful, the edge of the service checks the user's

The **ID** token contains information about the identity of the authenticated user, such as name and email. The **access** token contains information about the user's permissions. Transfer of JWTs between the client and service is over the OAuth 2 protocol.

When a user logs out, the tokens are invalidated. The tokens have a maximum lifespan of 12 hours. When the tokens expire, the user has to re-authenticate.
When a user logs out, the tokens are invalidated. The tokens have a maximum lifespan of 12 hours. When the tokens expire, the user has to re-authenticate. This effectivelly means that the session timeout is always of 12 hours.

In the diagram, a user working in ODC Portal to access a REST API endpoint in a second Platform service is a valid example. Another valid example is a user working in a browser to access a REST API endpoint on a protected screen in an app.
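
Review bot: The added sentence concludes "the session timeout is always of 12 hours", but the text it follows only gives a "maximum lifespan of 12 hours" and says logout invalidates the tokens, so 12 hours is an upper bound rather than a fixed value. Suggest something like "This effectively means that a session lasts at most 12 hours", and state explicitly whether inactivity shortens it or activity extends it, since the new wording leaves that open. Also fix the spelling "effectivelly" to "effectively" and drop the "of" in "always of 12 hours".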
