Why is the ID_TOKEN_EXPIRE_SECONDS setting value not in the documentation?

[junwoo777]

The current default setting is 36000 seconds, but it is not documented that this value can be configured. Is the omission of ID_TOKEN_EXPIRE_SECONDS from the documentation intentional for security reasons?

[n2ygk]

No, not security through obscurity. After all the source code is public and you were able to see it. It's just something that got missed. See https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html#access-token-expire-seconds which is in the docs as an example of a closely related expiration that is also defaulted to 36000 seconds.

A documentation PR would be appreciated.