Supabase
-
|
I'm trying to figure out whether the access token's life-time is the same as the refresh token's? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
access_tokens are valid for 1 hour by default, but that can be changed on the dashboard under the JWT_EXP field. Whenever a user is authenticated, we return an access_token and refresh_token pair. Once the access token expires, the user has to use the refresh_token to obtain a new access_token, which also generates a new refresh_token in the process. |
Beta Was this translation helpful? Give feedback.
access_tokens are valid for 1 hour by default, but that can be changed on the dashboard under the JWT_EXP field.
There is no expiry date for refresh_tokens, but they can only be used once and will be revoked after.
Whenever a user is authenticated, we return an access_token and refresh_token pair. Once the access token expires, the user has to use the refresh_token to obtain a new access_token, which also generates a new refresh_token in the process.