With 2.2.3 Stateless authentication tokens must expire within 24 hours of being issued.
It appears that it may be more appropriate to focus this requirement on applications that use stateless tokens not are non-revocable (no mechanism to invalidate a token with a long expiration time). This better represents the risk of utilizing stateless authentication tokens with long running durations.
With 2.2.3 Stateless authentication tokens must expire within 24 hours of being issued.
It appears that it may be more appropriate to focus this requirement on applications that use stateless tokens not are non-revocable (no mechanism to invalidate a token with a long expiration time). This better represents the risk of utilizing stateless authentication tokens with long running durations.