DEV Community

Discussion on: How to Create a JSON Web Token Using PHP

 
Rob Waller

The expiry should be relatively short, I would say minutes. You should also create a way for you to update tokens as Facebook does. Facebook tokens last for about 60 minutes and if you want to continue making requests after 60 minutes you have to trade the current token for a new token before the current token expires.

The issue identifier is the application that creates the token, not the application or user who asks for the token.

e.g.

User 1 asks for a token.

Website A creates and returns the token to User 1.

In this scenario the issue identifier would be "Website A".
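
The points in the comment above (a short expiry, trading the current token for a new one before it expires, and the issuer being the application that creates the token) sketched in plain PHP with HS256. This is an added example, not code from the original post or its author; the secret, the 10-minute lifetime, the `sub` value and all function names are assumptions.

```php
<?php
// Added example: the secret, issuer string, TTL and function names are assumptions.
const SECRET = 'replace-with-a-long-random-secret'; // constructed placeholder
const ISSUER = 'Website A';  // the application that creates the token
const TTL    = 600;          // short expiry: 10 minutes

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(string $userId, int $now): string {
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode([
        'iss' => ISSUER, 'sub' => $userId, 'iat' => $now, 'exp' => $now + TTL,
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$payload", SECRET, true));
    return "$header.$payload.$sig";
}

// Returns the claims if signature, issuer and expiry all check out, else null.
// The header's alg is never trusted: the HMAC is always recomputed as SHA-256.
function verifyToken(string $jwt, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$header, $payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$header.$payload", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;        // constant-time compare
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['iss'] ?? null) !== ISSUER) return null;  // not created by us
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

// Trade a still-valid token for a fresh one; an expired token cannot be traded.
function refreshToken(string $jwt, int $now): ?string {
    $claims = verifyToken($jwt, $now);
    return $claims === null ? null : issueToken($claims['sub'], $now);
}

$t0    = 1700000000;                                // constructed timestamp
$token = issueToken('user-1', $t0);                 // User 1 asks, Website A issues
var_dump(verifyToken($token, $t0 + 300)['iss']);    // checked inside the lifetime
var_dump(refreshToken($token, $t0 + 540) !== null); // traded before expiry
var_dump(refreshToken($token, $t0 + 601));          // attempted after expiry
```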