Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.


Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

login, tokens and expiration

login, tokens and expiration

Wekan / General · April 14, 2020 at 5:01pm

Once you have registered and then logged in with Password you get a token with a token expiration date.

If you do not logout ,that token and its expiration determines how long you can go to the site before you have to re-authenticate, correct?

If you logout, is that token still good for the duration of the original expiration date or are you re-issued a new token with a further in future expiration date?

Where can I change that expiration to a longer or short time? (in the api) or (in the GUI) or (in mongo collection)

Can I remove the expiration time so it never times out? (in the api) or (in the GUI) or (in mongo collection)

Can I force the token to expire prematurely with no user activity for a while (like 4 hours)? (in the api) or (in the GUI) or (in mongo collection)

I have an application where for some features for some users are already logged into another application and for many accounts they all see wekan as a web page embed, so getting another challenge/response to auth into wekan is a limitation. Call it a trust relationship between the two apps. The mother app has a very high authentication hurtle (three keys and two factor). Trting to automate or at least streamline the auth back into wekan.

Thanks as always

No messages have been sent in this conversation yet—why don’t you kick things off below?