Access Tokens
The web portal manages sessions with short-lived access tokens, a revocable refresh token, and a separate inactivity window.
On logout, the refresh token is promptly revoked to mitigate unauthorized access.
Access tokens expire after at most 10 minutes, so access credentials are rotated regularly.
Inactivity, defined as the absence of user interaction, operates independently of the token lifecycle.
While the user is logged in, the application automatically refreshes the access token as needed, so active sessions are not interrupted.
The system also applies an inactivity window of 20 minutes.
Detection of user inactivity is distinct from the expiration of access tokens.
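
The two timers described above, modelled as an added example (not the portal's own code): background refresh renews the access token but never resets the idle clock. Assumptions: the class and method names are hypothetical, the idle check is enforced when a refresh is requested, and reaching the 20-minute window ends the session by revoking the refresh token, which the page does not state.

```python
import secrets

ACCESS_TTL = 10 * 60         # from the page: access tokens expire within 10 minutes
INACTIVITY_WINDOW = 20 * 60  # from the page: 20-minute inactivity window

class SessionEnded(Exception):
    """Refresh refused: logged out, idle too long, or wrong token."""

class PortalSession:
    """Hypothetical session record. `now` is seconds, passed in so runs are repeatable."""

    def __init__(self, now):
        self.refresh_token = secrets.token_urlsafe(32)
        self.refresh_revoked = False
        self.last_interaction = now          # moved only by real user input
        self.access_token, self.access_expires = None, now
        self.refresh(self.refresh_token, now)

    def is_idle(self, now):
        return now - self.last_interaction >= INACTIVITY_WINDOW

    def user_interaction(self, now):
        """Click, keypress, navigation: the only thing that resets the idle clock."""
        if self.is_idle(now):
            self.refresh_revoked = True      # assumption: idle timeout ends the session
            raise SessionEnded("inactive for 20 minutes")
        self.last_interaction = now

    def refresh(self, presented, now):
        """Background token refresh. Deliberately does not touch last_interaction."""
        if self.is_idle(now):
            self.refresh_revoked = True
        if self.refresh_revoked or not secrets.compare_digest(presented, self.refresh_token):
            raise SessionEnded("refresh token not accepted")
        self.access_token = secrets.token_urlsafe(32)
        self.access_expires = now + ACCESS_TTL
        return self.access_token

    def access_valid(self, presented, now):
        """Token lifecycle only: right token, not yet expired."""
        return (secrets.compare_digest(presented, self.access_token)
                and now < self.access_expires)

    def logout(self):
        self.refresh_revoked = True          # from the page: revoked on logout
```

In this model an access token issued shortly before the inactivity window closes stays valid until its own 10-minute expiry, because the sketch revokes only the refresh token.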