Which frontend SDK do you use?

supertokens-web-js / mobile

supertokens-auth-react

Access Token signing key rotation

About

Access Token signing key rotation implies that the secret key for signing the access tokens will be changed at a fixed time interval. This reduces the risk of key theft.

info

• Existing logged in users are not logged out on key change.
• This feature is enabled by default.

Changing this setting

The Access Token signing key rotation feature can be switched on / off and its interval can be set through the following configurations

With Docker

docker run \
  -p 3567:3567 \
  -e ACCESS_TOKEN_SIGNING_KEY_DYNAMIC=true \
  -e ACCESS_TOKEN_SIGNING_KEY_UPDATE_INTERVAL=168 \
  -d registry.supertokens.io/supertokens/supertokens-<db name>

Without Docker

# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

access_token_signing_key_dynamic: true
access_token_signing_key_update_interval: 168

• access_token_signing_key_dynamic
  • If this is set to true, the access token signing key will change every fixed interval of time.
  • It must be set to a boolean value with, the default value set to true.
• access_token_signing_key_update_interval
  • Time in hours for how frequently the signing key will change.
  • It must be set to a number value with, the default value set to 168

info

For managed service, these values can be updated by visiting our dashboard.