Skip to content

Access Token Expiration settings have no effect

I tried to change the default customer access token expiration from 1 hour to 48 hours and even to 0 to disable expiration, but regardless of what number I enter, the token I receive from the REST API expires in 1 hour. I cleaned the cache, flushed it.

What can I do to make Magento use the numbers I enter? (Magento 2.4.4)

My current settings in Magento

This is how the API request looks like:

POST https://elszerbt.alphadev.hu/rest/default/V1/integration/customer/token
Accept: application/json
Content-Type: application/json

{"username": "[email protected]", "password": "mypassword"}

The customer has been added manually and the password setup through the activation email link. This test customer is the only one right now:

List of customers

The token works perfectly once it’s received, but it expires early. You can see the token here:

eyJraWQiOiIxIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOjEsInV0eXBpZCI6MywiaWF0IjoxNjYwNzI5ODQ0LCJleHAiOjE2NjA3MzM0NDR9.fxnGiLwFNc4dAZA0-npEsAf0gzpnU1pKXZke78WFuOM

If you enter this token to https://jwt.io/, you can see the difference between the issue date and expiration date is 1 hour.

I also tested the admin token the following way:

POST https://elszerbt.alphadev.hu/rest/default/V1/integration/admin/token
Accept: application/json
Content-Type: application/json

{"username": "adminuser", "password": "mypassword"}

What’s interesting is that it also expires in 1 hour, which is not the default setting for admin tokens. The default is 4 hours.

This is the admin token I received:

eyJraWQiOiIxIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOjEsInV0eXBpZCI6MiwiaWF0IjoxNjYwNzMwMTY5LCJleHAiOjE2NjA3MzM3Njl9.dwI7qbYSe8A2BOHlLKE4KlL7QmJzlX1wYVlkoRJIhyM

I have this issue on multiple instances, although they have exactly the same setup. I’m using the default file-system cache of Magento.