WSO2 Api Manager - How to change the expiration time of JWT?

Question

I want to change the expiration time of JWT token created in WSO2 Api Manager. It seems that the default time is 15 minutes.

{"typ":"JWT","alg":"none"}.
{
"iss": "wso2.org/products/am",
"exp": 1464255150998,
 ...
}

From this link - Wso2 Jira - APIMANAGER-3493 , it seems that we can use "SecurityContextTTL" property in /repository/conf/api-manager.xml under APIKeyManager to change the expiration time of the JWT.

But I could not find this setting available in api-manager.xml (not even as a commented out configuration). I am using wso2am-1.9.1.

Is this property removed from the configurations? If yes, then how can we change the expiration time of the JWT?

Is there any documentation available mentioning about this property and its usage?

Any pointers are appreciated. Thanks.

Lahiru Sandaruwan Gamage Lahiru Sandaruwan Gamage · Accepted Answer · 2016-06-01T19:25:13

It should be applied as follows, under APIKeyValidator section,

   <APIKeyValidator>
           <SecurityContextTTL>5</SecurityContextTTL>
   </APIKeyValidator>

But as per the Jira you mentioned, it seems there is a bug in this version.

WSO2 has fixed this in next version(2.0.0), using a new property, see [1].

[1] https://wso2.org/jira/browse/APIMANAGER-4575

WSO2 Api Manager - How to change the expiration time of JWT?

1 Answers