For Authlete 2.x documentation, see 2.x version.
Overview
Authlete 3.0 calculates the effective token duration by evaluating configurations at multiple levels. The final duration is determined based on the following priority order:
- Service Level: If no other duration is specified, the service-level token duration is used.
- Scope Level: If the token duration is configured for any of the requested scopes, it overrides the service-level duration. Authlete uses the shortest duration among all requested scopes.
- Client Level: If a token duration is set for the requesting client, it overrides both the service-level and scope-level durations.
Token Duration Calculation Process
- Service Level:
  - Authlete starts with the token duration configured at the service level.
- Scope Level:
  - If the request includes scopes with configured durations, Authlete selects the shortest duration among those scopes.
- Client Level:
  - If the requesting client has a configured token duration, it takes precedence over both service-level and scope-level durations.
Example
| Level | Token Duration (seconds) |
|---|---|
| Service | 86,400 |
| Scope (read) | 3,600 |
| Scope (write) | 600 |
| Client | 300 |
- Scenario 1: Token duration is 86,400 (service level).
- Scenario 2: Request with read scope → Token duration is 3,600 (scope level).
- Scenario 3: Request with write scope → Token duration is 600 (scope level).
- Scenario 4: Request with read and write scopes → Token duration is 600 (shortest scope-level duration).
- Scenario 5: Request by a client with configured duration → Token duration is 300 (client level overrides all).
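The precedence rules above can be modelled in a few lines and used to review a configuration before deploying it. This is an added example, not Authlete code: the function names are hypothetical, `None` is assumed to mean "no duration configured at this level", and the second helper lists scopes whose short duration a client-level setting would override.

```python
from typing import List, Mapping, Optional, Sequence, Tuple


def effective_duration(
    service: int,
    scope_durations: Mapping[str, int],
    requested_scopes: Sequence[str],
    client: Optional[int] = None,
) -> Tuple[int, str]:
    """Return (duration in seconds, level that decided it).

    Assumption: None means "no duration configured at this level".
    """
    # Client level overrides both scope and service level.
    if client is not None:
        return client, "client"
    # Scope level: only requested scopes that have a configured duration count,
    # and the shortest of them wins.
    configured = [scope_durations[s] for s in requested_scopes if s in scope_durations]
    if configured:
        return min(configured), "scope"
    # Nothing more specific applies: fall back to the service level.
    return service, "service"


def scopes_lengthened_by_client(
    scope_durations: Mapping[str, int], client: Optional[int]
) -> List[str]:
    """Scopes whose configured duration is shorter than the client-level one.

    Because the client level overrides the scope level, tokens this client
    obtains for these scopes live longer than the scope setting alone allows.
    """
    if client is None:
        return []
    return sorted(s for s, d in scope_durations.items() if d < client)


# Values from the example table above.
SERVICE = 86_400
SCOPES = {"read": 3_600, "write": 600}

if __name__ == "__main__":
    cases = [([], None), (["read"], None), (["write"], None),
             (["read", "write"], None), (["read", "write"], 300)]
    for scopes, client in cases:
        print(scopes, client, effective_duration(SERVICE, SCOPES, scopes, client))
    # Constructed case: a client-level value longer than both scope values.
    print(scopes_lengthened_by_client(SCOPES, 7_200))
```

With the table's client value of 300 the second helper returns an empty list; a client-level value above 600 would report `write`, the scope that value would extend.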