Skip to content

fix(auth): [BE-3943] update ttl mentions and improve refresh tokens#67

Open
zanderwar wants to merge 1 commit into
mainfrom
feat/BE-3943-refresh-tokens-and-ttls
Open

fix(auth): [BE-3943] update ttl mentions and improve refresh tokens#67
zanderwar wants to merge 1 commit into
mainfrom
feat/BE-3943-refresh-tokens-and-ttls

Conversation

@zanderwar

Copy link
Copy Markdown
Contributor

This pull request updates the authentication documentation to clarify and standardize information about token expiry, refresh tokens, and best practices for token management. The main focus is on making token lifetimes, refresh token handling, and server-to-server authentication details more accurate and easier to understand.

Token expiry and refresh behavior:

  • Updated all references to access token and refresh token expiry to remove fixed durations, instead describing them as variable and referring to the actual value returned by the API. This avoids confusion and ensures developers use the correct expiry time from the response. [1] [2] [3] [4]
  • Added explicit documentation that refresh tokens are single-use: each exchange returns a new refresh token and invalidates the previous one, and reusing a spent refresh token will fail.

Refresh token usage and guidance:

  • Added an info box explaining that Studio Website Login and Email Authentication flows return a refresh_token, with details on how to exchange it for a new access token and the differences between Studio Website and email-issued tokens.

Server-to-server (S2S) authentication:

  • Clarified that the S2S service token response is not guaranteed to be valid for 90 days; removed the fixed validity period and instead instructs developers to cache tokens and only request new ones when needed. [1] [2]

General improvements to clarity:

  • Improved wording around access token lifetimes, emphasizing that tokens are long-lived by default but can expire or be revoked at any time, and clarified behavior when custom expiry values are supplied.

@zanderwar zanderwar requested a review from Gummby July 8, 2026 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant