The JWT lifetime is very long. The audit recommendation is to shorten the lifetime of the tokens.
Solution
The solution to this is related to the issue with storing organization credentials locally, i.e. jwt auth tokens should be short lived but a refresh token should be added in order to refresh the short lived auth tokens.
Problem
The JWT lifetime is very long. The audit recommendation is to shorten the lifetime of the tokens.
Solution
The solution to this is related to the issue with storing organization credentials locally, i.e. jwt auth tokens should be short lived but a refresh token should be added in order to refresh the short lived auth tokens.
Alternatives
No response