How Authlete determines token duration

Overview

Authlete 3.0 calculates the effective token duration by evaluating configuration at three levels. Listed from lowest to highest precedence, they are:

  1. Service Level: The default. The service-level token duration is used when neither a requested scope nor the requesting client specifies one.
  2. Scope Level: If any requested scope has a token duration configured, it overrides the service-level value. When several requested scopes have one configured, Authlete uses the shortest of them; requested scopes without a configured duration do not take part.
  3. Client Level: If a token duration is configured for the requesting client, it overrides both the service-level and the scope-level value.

The effective lifetime therefore comes from the most specific configuration present, not from the shortest of all configured values: a client-level setting is an override, not a cap, so it wins even when a requested scope is configured with a shorter duration.


Token Duration Calculation Process

  1. Service Level:
    • Authlete starts with the token duration configured at the service level.
  2. Scope Level:
    • If any requested scope has a token duration configured, Authlete replaces the service-level value with the shortest duration among the requested scopes that have one configured.
  3. Client Level:
    • If the requesting client has a token duration configured, it replaces whatever the previous two steps produced, whether it is shorter or longer.

Example

Level            Token duration (seconds)
Service          86,400
Scope "read"      3,600
Scope "write"       600
Client              300

Scenario 1: Request without scopes → Token duration is 86,400 (service level).
Scenario 2: Request with the read scope → Token duration is 3,600 (scope level).
Scenario 3: Request with the write scope → Token duration is 600 (scope level).
Scenario 4: Request with both read and write scopes → Token duration is 600 (the shortest configured scope-level duration).
Scenario 5: Request by the client with a configured duration of 300, with any combination of the scopes above → Token duration is 300 (client level overrides all).

Note that the client-level override works in both directions. If the same client were configured with 7,200 seconds, a request for the write scope would still receive a 7,200-second token, even though the scope alone would have limited it to 600. When reviewing a deployment, check client-level durations against the scope-level ones rather than assuming the scope value is a floor.
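The resolution rule above, as an added Python example written for this page; it is not Authlete's own code or taken from its SDKs. The function names, the convention that None or 0 means "not configured", and the scope table are assumptions made for the example; the numbers are the page's example table. Besides reproducing the five scenarios, it includes an audit check for the case the rule implies but the table does not show: a client-level duration longer than the shortest duration configured on a requested scope.

```python
"""Token-duration resolution in the precedence order this page describes for
Authlete 3.0: service level < scope level < client level.

Added illustration for this page, not Authlete's own code. The function names,
the "None or 0 means not configured" convention and the sample scope table are
assumptions made for the example.
"""
from typing import Dict, Mapping, Optional, Sequence, Tuple

# Constructed sample configuration matching the page's example table.
EXAMPLE_SERVICE_DURATION = 86_400
EXAMPLE_SCOPE_DURATIONS: Dict[str, int] = {"read": 3_600, "write": 600}
EXAMPLE_CLIENT_DURATION = 300


def _configured(value: Optional[int]) -> bool:
    # Assumption for this example: None or 0 means "no duration configured".
    return value is not None and value > 0


def resolve_token_duration(
    service_duration: int,
    scope_durations: Mapping[str, int],
    requested_scopes: Sequence[str],
    client_duration: Optional[int] = None,
) -> Tuple[int, str]:
    """Return (duration_seconds, level) for one token request.

    level is "client", "scope" or "service" and names the configuration that
    produced the value, which helps when auditing why a token lived as long
    as it did.
    """
    # Client level: an override, not a cap. It wins even when a requested
    # scope is configured with a shorter duration.
    if _configured(client_duration):
        return client_duration, "client"

    # Scope level: only requested scopes that actually have a duration
    # configured take part; the shortest of them wins.
    candidates = [
        scope_durations[s] for s in requested_scopes if _configured(scope_durations.get(s))
    ]
    if candidates:
        return min(candidates), "scope"

    # Service level: the fallback when nothing more specific applies.
    return service_duration, "service"


def client_exceeds_scope_minimum(
    client_duration: Optional[int],
    scope_durations: Mapping[str, int],
    requested_scopes: Sequence[str],
) -> bool:
    """Audit check: True when the client-level override would hand out a token
    that outlives the shortest duration configured on a requested scope."""
    if not _configured(client_duration):
        return False
    scope_floor = [
        scope_durations[s] for s in requested_scopes if _configured(scope_durations.get(s))
    ]
    return bool(scope_floor) and client_duration > min(scope_floor)


def run_scenarios() -> Dict[str, Tuple[int, str]]:
    """The page's five scenarios, evaluated against the example table."""
    svc, scopes = EXAMPLE_SERVICE_DURATION, EXAMPLE_SCOPE_DURATIONS
    client = EXAMPLE_CLIENT_DURATION
    return {
        "1: no scopes": resolve_token_duration(svc, scopes, []),
        "2: read": resolve_token_duration(svc, scopes, ["read"]),
        "3: write": resolve_token_duration(svc, scopes, ["write"]),
        "4: read and write": resolve_token_duration(svc, scopes, ["read", "write"]),
        "5: client duration set": resolve_token_duration(svc, scopes, ["read", "write"], client),
    }


if __name__ == "__main__":
    for name, (seconds, level) in run_scenarios().items():
        print(f"{name:24} -> {seconds:>6} s ({level} level)")
```

Returning the level alongside the number is deliberate: when a token's lifetime looks wrong in production, the first question is which configuration produced it, and a resolver that only returns the integer cannot answer that.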


See Also