Maximum token expiry seconds

What is the maximum token expiry seconds?
Can I generate unlimited lifetime tokens?

We usually recommend token lifetime is set to 2-3x the average play session, and clients should always be prepared to handle re-authentication. What’s your use case for tokens with no expiry?

For the record there’s no ‘unlimited’ value at the moment, but you can set the expiry value high enough that it’s effectively the same thing.

My use case is a social application not a game but it doesnt matter.
I want to know what is maximum possible value for token expiry in the config file?

@nkadd The maximum possible value is whatever value you can pass in seconds to the server at startup. This will likely be MAX_INT.

I found it.
As it is an int64 type (link) the max value is 9223372036854775807

Small correction, the token expiry seconds are added to the current time when the token is generated so we can store an absolute expiry point in time in the token claims.

So your actual max token expiry should be max int64 - current time in UTC seconds. If you put 9223372036854775807 as the expiry config value I suspect you’ll see an overflow and a negative value will be put into the token, making it invalid.

I suggest you use a high enough value that it’s functionally the same as ‘infinite’, like 100 years in seconds.