DEV Community

Discussion on: GraphQL RBAC without JWT Roles

Collapse
 
cyberhck profile image
Nishchal Gautam

Jwts aren't issued for a day, it's at most 30 mins, 15 being a good default

Collapse
 
verneleem profile image
verneleem

this is dependent on the issuer of the JWT, you could be using a service that issues JWTs valid for 100 years, or you could be using a 3rd party JWT issueing service that doesn't support custom roles in the JWT on the free plan too ;)

Collapse
 
cyberhck profile image
Nishchal Gautam

Obviously what I meant here was one shouldn't issue a jwt which is valid for too long, if third party doesn't allow, don't use that service