Replies: 3 comments
-
|
@cocowalla did you find out something? |
Beta Was this translation helpful? Give feedback.
-
|
@bekanne No, and the tokens returned by Umami aren't regular JWTs, so I've no idea how to even decode them. Docs still don't say anything about expiry time either 🤷 EDIT: I also had a quick look at the code. I'm not really a TypeScript kinda guy, and I know nothing of Next.js, so it's quite possible I'm missing something, but AFAIKT, here is what I found. When logging in, it hits saveAuth, which points to createSecureToken, which in turn uses createToken to create a JWT... and then... strangely appears to encrypt the entire JWT using AES-256-GCM, resulting in a totally opaque blob? AFAICS, there is no expiry and tokens are valid until the Umami server restarts - but please note I've no clue how Next.js authentication works, so I'm happy to be corrected if anyone knows better 👍 |
Beta Was this translation helpful? Give feedback.
-
|
For those who still looking for an answer, based on the source code, if you don't use redis (normally it's not enabled), the token has "No Expiry" date. Which means the token remains valid until user changes password or secret key. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
The docs explain how to authenticate and obtain a bearer token for use with the API - but do the obtained tokens expire?
If so, after how long? Does the API return a particular response for expired tokens?
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions