dougwilson
commented
3 years ago Hello, and thank you for your questions. I'm not sure if you posted in the right place, as this module is simply a parser for the basic auth mechanism of the Authorization header. See RFC 7617 for details for how it works, but I don't believe any of those features are part of basic auth.
Is there a way to determine how long the validation token will last? What is the default? Is there an option to determine the length of time it stays valid?
Where is this information stored on the client?
For example, if you wanted the validation to only last for the session (in other words, when the window is closed, they would have to revalidate on a new window to get back in), how would you indicate that?