Access Token signing key rotation

About#

Access Token signing key rotation implies that the secret key for signing the access tokens will be changed at a fixed time interval. This reduces the risk of key theft.

info

Existing logged in users are not logged out on key change.
This feature is enabled by default.

Changing this setting#

The Access Token signing key rotation feature can be switched on / off and its interval can be set through the following configurations

With Docker
Without Docker

docker run \
  -p 3567:3567 \
  -e ACCESS_TOKEN_SIGNING_KEY_DYNAMIC=true \
  -e ACCESS_TOKEN_SIGNING_KEY_UPDATE_INTERVAL=168 \
  -d registry.supertokens.io/supertokens/supertokens-<db name>

# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

access_token_signing_key_dynamic: true
access_token_signing_key_update_interval: 168

access_token_signing_key_dynamic
- If this is set to true, the access token signing key will change every fixed interval of time.
- It must be set to a boolean value with, the default value set to true.
access_token_signing_key_update_interval
- Time in hours for how frequently the signing key will change.
- It must be set to a number value with, the default value set to 168

info

For managed service, these values can be updated by visiting our dashboard.

Auth Methods

Add ons

Access Token signing key rotation

About#

info

Changing this setting#

info