Configure tokens

Link to this section

Tokens are an essential part of keeping your application secure. They enable the continued verification of users and applications (including APIs), and are a mechanism for detecting unauthorized intruders.

There are several types of tokens - ID tokens, access tokens, refresh tokens - with the main configuration task being to define the lifetime of each token.

Set token lifetimes

Link to this section

Tokens need to be updated and refreshed to remain secure, which is why you need to set how long a token lasts, for each token type. This needs to be configured per application.

  1. Go to Settings > Environment > Applications.
  2. Select View details on the application tile.
  3. Select Tokens in the side menu.
  4. For each token type, set the expiry time in seconds. Tip: 3,600 seconds is one hour; 84,000 seconds is one day.
  5. Select Save.

Revoke access and refresh tokens

Link to this section

You can revoke access and refresh tokens via the Kinde Management API. Search the Kinde API docs.

Talk to us

If you can’t find what you’re looking for in our help center — email our team

Contact us