WSO2 Api Manager - How to change the expiration time of JWT?

I want to change the expiration time of JWT token created in WSO2 Api Manager. It seems that the default time is 15 minutes.

{"typ":"JWT","alg":"none"}.
{
"iss": "wso2.org/products/am",
"exp": 1464255150998,
 ...
}

From this link - Wso2 Jira - APIMANAGER-3493 , it seems that we can use "SecurityContextTTL" property in /repository/conf/api-manager.xml under APIKeyManager to change the expiration time of the JWT.

But I could not find this setting available in api-manager.xml (not even as a commented out configuration). I am using wso2am-1.9.1.

Is this property removed from the configurations? If yes, then how can we change the expiration time of the JWT?

Is there any documentation available mentioning about this property and its usage?

Any pointers are appreciated. Thanks.

It should be applied as follows, under APIKeyValidator section,

   <APIKeyValidator>
           <SecurityContextTTL>5</SecurityContextTTL>
   </APIKeyValidator>

But as per the Jira you mentioned, it seems there is a bug in this version.

WSO2 has fixed this in next version(2.0.0), using a new property, see [1].

[1] https://wso2.org/jira/browse/APIMANAGER-4575

来源：https://stackoverflow.com/questions/37576348/wso2-api-manager-how-to-change-the-expiration-time-of-jwt

标签

wso2

jwt

wso2-am

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!