The authentication sessions in our system are crucial to maintaining secure access to the endpoints. To manage session authentication, we employ two different timeouts: refresh token timeout and access token timeout.

Refresh Token Timeout

The refresh token timeout defines the overall duration of the session, with a default value of 100 days. This extended duration allows users to remain logged in for an extended period, eliminating the need for frequent reauthentication.

Access Token Timeout

On the other hand, the access token timeout does not affect the overall session duration. Instead, it dictates the frequency of session refreshes, which is set to occur every hour of inactivity. The primary goal of this timeout is to enhance session security by requiring periodic reauthentication, without negatively affecting the user experience.

By employing these two timeouts, we ensure that users can access the endpoints securely without compromising the safety of their data.

Token Renewal Endpoint

To refresh an expired access token, use the /auth/session/refresh endpoint. This endpoint retrieves the refresh token from cookies and issues a new access token, valid for another hour.

Example Request

  curl --location --request POST 'https://my-project.fastgenapp.com/auth/session/refresh'