Access Token signing key rotation

About

Access token signing key rotation means that the secret key used to sign access tokens is changed at a fixed time interval. This reduces the risk of key theft.

info
  • Existing logged in users are not logged out on key change.
  • This feature is enabled by default.

Changing this setting

The access token signing key rotation feature can be switched on or off, and its interval can be set, through the following configuration:

docker run \
-p 3567:3567 \
-e ACCESS_TOKEN_SIGNING_KEY_DYNAMIC=true \
-e ACCESS_TOKEN_SIGNING_KEY_UPDATE_INTERVAL=168 \
-d registry.supertokens.io/supertokens/supertokens-<db name>

  • access_token_signing_key_dynamic
    • If this is set to true, the access token signing key changes at a fixed time interval.
    • It must be a boolean value; the default is true.
  • access_token_signing_key_update_interval
    • Time in hours between signing key changes.
    • It must be a number; the default is 168.
info

For the managed service, these values can be updated by visiting our dashboard.
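
The About section says existing users stay logged in across a key change; one general way to get that property is a verifier that keeps a retired key until every token it signed has expired. This is an added conceptual example, not SuperTokens code or a description of its internal mechanism: the `RotatingSigner` class, the HMAC token format and the one-hour token lifetime are assumptions, and only the 168-hour interval comes from the page.

```python
import hashlib
import hmac
import os

HOUR = 3600
UPDATE_INTERVAL = 168 * HOUR  # the page's default update interval, in seconds
TOKEN_LIFETIME = 1 * HOUR     # assumed access token validity (not from the page)


class RotatingSigner:
    """Conceptual model: the newest key signs, retired keys still verify."""

    def __init__(self, now):
        self.keys = [(now, os.urandom(32))]  # (created_at, secret), newest last

    def _rotate(self, now):
        # Add a fresh key once the newest one is older than the interval.
        if now - self.keys[-1][0] >= UPDATE_INTERVAL:
            self.keys.append((now, os.urandom(32)))
        # A retired key stops signing when its successor is created, so it can
        # be dropped one token lifetime after that point.
        last = len(self.keys) - 1
        self.keys = [k for i, k in enumerate(self.keys)
                     if i == last or self.keys[i + 1][0] + TOKEN_LIFETIME > now]

    @staticmethod
    def _mac(secret, payload):
        return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user, now):
        self._rotate(now)
        payload = f"{user}.{now + TOKEN_LIFETIME}"
        return f"{payload}.{self._mac(self.keys[-1][1], payload)}"

    def verify(self, token, now):
        """Return the user name for a valid token, otherwise None."""
        self._rotate(now)
        try:
            payload, tag = token.rsplit(".", 1)
            user, expiry = payload.rsplit(".", 1)
            if int(expiry) <= now:
                return None
        except ValueError:
            return None
        for _, secret in self.keys:
            if hmac.compare_digest(self._mac(secret, payload).encode(), tag.encode()):
                return user
        return None
```

In this model a stolen key is useful to an attacker for at most one update interval plus one token lifetime, which is the exposure window the interval setting controls.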
