From 25654ed84079bfbb23f62ad8ede539d3d0fa16bb Mon Sep 17 00:00:00 2001 From: Ana Martins <60753223+OutSystemsAMM@users.noreply.github.com> Date: Thu, 23 Jan 2025 14:31:30 +0000 Subject: [PATCH] RDTKF-22372 clarified session timeout --- .../platform-architecture/identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/eap/manage-platform-app-lifecycle/platform-architecture/identity.md b/src/eap/manage-platform-app-lifecycle/platform-architecture/identity.md index ca8e2266..37bc9b38 100644 --- a/src/eap/manage-platform-app-lifecycle/platform-architecture/identity.md +++ b/src/eap/manage-platform-app-lifecycle/platform-architecture/identity.md @@ -83,6 +83,6 @@ If the token validation is successful, the edge of the service checks the user's The **ID** token contains information about the identity of the authenticated user, such as name and email. The **access** token contains information about the user's permissions. Transfer of JWTs between the client and service is over the OAuth 2 protocol. -When a user logs out, the tokens are invalidated. The tokens have a maximum lifespan of 12 hours. When the tokens expire, the user has to re-authenticate. +When a user logs out, the tokens are invalidated. The tokens have a maximum lifespan of 12 hours. When the tokens expire, the user has to re-authenticate. This effectivelly means that the session timeout is always of 12 hours. In the diagram, a user working in ODC Portal to access a REST API endpoint in a second Platform service is a valid example. Another valid example is a user working in a browser to access a REST API endpoint on a protected screen in an app.
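Review bot: The added sentence at the end of the changed paragraph says the session timeout is "always of 12 hours", which contradicts the two sentences before it in the same line: the tokens have a "maximum lifespan of 12 hours" and are invalidated on logout, so a session can end sooner than 12 hours. It also contains a typo ("effectivelly"). Suggest wording such as "This effectively means that a session lasts at most 12 hours." Since the commit subject is about clarifying the session timeout, the sentence should also state whether the 12 hours is an absolute limit counted from authentication or whether user activity can extend it, because the paragraph as written does not say.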