Security Settings
Configure session lifetimes and token expiration.
Security settings control how long sessions and tokens remain valid.
Configuration
Dashboard: Auth Server > Security
Admin API:
```bash
# Get current settings
curl http://localhost:5062/sqlos/admin/auth/api/settings/security

# Update settings
curl -X PUT http://localhost:5062/sqlos/admin/auth/api/settings/security \
  -H "Content-Type: application/json" \
  -d '{
    "refreshTokenLifetimeMinutes": 10080,
    "sessionIdleTimeoutMinutes": 1440,
    "sessionAbsoluteLifetimeMinutes": 43200
  }'
```
Settings
| Setting | Default | Description |
|---|---|---|
| Refresh token lifetime | 7 days | How long a refresh token is valid |
| Session idle timeout | 1 day | Session expires after inactivity |
| Session absolute lifetime | 30 days | Hard expiration regardless of activity |
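The two session limits in the table combine as "whichever deadline comes first". The sketch below is an added example, not the auth server's own code: `SessionLimits` is a hypothetical helper, and it assumes the idle timeout is measured from the last activity and the absolute lifetime from session creation.

```csharp
using System;

// Constructed sample values: the documented defaults, expressed in minutes.
var limits = new SessionLimits(
    IdleTimeout: TimeSpan.FromMinutes(1440),
    AbsoluteLifetime: TimeSpan.FromMinutes(43200));
limits.Validate();

var created = new DateTimeOffset(2024, 1, 1, 9, 0, 0, TimeSpan.Zero); // constructed timestamp

// Case 1: last activity two hours after sign-in, then nothing (idle deadline is nearer).
Print(limits.Evaluate(created, created.AddHours(2)));

// Case 2: user still active on day 29.5 (hard deadline is nearer despite the activity).
Print(limits.Evaluate(created, created.AddDays(29.5)));

static void Print((DateTimeOffset ExpiresAt, string Reason) r) =>
    Console.WriteLine($"{r.ExpiresAt:u} ({r.Reason})");

// Hypothetical helper type for illustration; not part of the auth server SDK.
record SessionLimits(TimeSpan IdleTimeout, TimeSpan AbsoluteLifetime)
{
    // Reject combinations that are invalid or that silently disable the idle limit.
    public void Validate()
    {
        if (IdleTimeout <= TimeSpan.Zero || AbsoluteLifetime <= TimeSpan.Zero)
            throw new ArgumentException("Lifetimes must be positive.");
        if (IdleTimeout > AbsoluteLifetime)
            throw new ArgumentException("Idle timeout exceeds absolute lifetime, so it can never trigger.");
    }

    // The session ends at whichever limit is reached first.
    public (DateTimeOffset ExpiresAt, string Reason) Evaluate(
        DateTimeOffset createdAt, DateTimeOffset lastActivityAt)
    {
        if (lastActivityAt < createdAt)
            throw new ArgumentException("Last activity precedes session creation.");
        var idleDeadline = lastActivityAt + IdleTimeout;
        var hardDeadline = createdAt + AbsoluteLifetime;
        return idleDeadline < hardDeadline
            ? (idleDeadline, "idle timeout")
            : (hardDeadline, "absolute lifetime");
    }
}
```

Running the same `Validate` check on values before sending them in the `PUT` request catches an idle timeout that is longer than the absolute lifetime.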
Access token lifetime
The access token lifetime is configured separately in startup code since it affects JWT generation:
```csharp
options.UseAuthServer(auth =>
{
    auth.AccessTokenLifetime = TimeSpan.FromMinutes(15);
});
```
Reading settings in code
```csharp
var settings = await settingsService.GetResolvedSecuritySettingsAsync(ct);
// settings.RefreshTokenLifetime → TimeSpan
// settings.SessionIdleTimeout → TimeSpan
// settings.SessionAbsoluteLifetime → TimeSpan
```