Extend JWT token expiration times

Access tokens now last 1 hour (up from default 15 min) and refresh tokens last 30 days, reducing frequent re-authentication. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-05 10:10:47 -04:00
parent 975a337af4
commit 07c272c96a
1 changed files with 3 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -1,5 +1,6 @@
 import logging
 import os
+from datetime import timedelta

 from dotenv import load_dotenv
 from quart import Quart, jsonify, render_template, request, send_from_directory
@@ -38,6 +39,8 @@ app = Quart(
 )

 app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "SECRET_KEY")
+app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)
+app.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(days=30)
 app.config["MAX_CONTENT_LENGTH"] = 10 * 1024 * 1024  # 10 MB upload limit
 jwt = JWTManager(app)