devel:documentation:security, revision 2019/02/01 13:08 (kotisovam, "admin guide section") compared with revision 2025/07/28 12:45 (current; kopro, "Authorization and JWT token"). The text below is the current revision.
  * iat - issued at date
  
All IdM JWT tokens are signed with HMAC-SHA256 (JWT ''alg'' value ''HS256''). The key is a symmetric MAC key, not an encryption key: the token is only signed, its claims are readable by anyone who holds it, and anyone who can read the key can mint a token for any identity. The key is the CzechIdM configuration property ''idm.sec.security.jwt.secret.token'', so protect it like a password. Default token expiration time is 10 minutes. JWT tokens are persisted in the database (''%%IdmToken%%'' entity) together with the assigned authorities. When an identity logs out, its token is disabled. Disabled and expired tokens are purged periodically by an **internal** scheduled task. **The task cannot be scheduled for a specific time.** It is triggered internally in IdM once per day and deletes all tokens (regardless of token type) whose expiration date is more than 14 days in the past.
 + 
  
The CzechIdM backend supports immediate detection of changes to a user's authorization. Each modification type is implemented as an application event processor; for further details please check the source code and tests :) When a user's authorization changes, the persisted tokens owned by that user are disabled, so the user is logged out even though the JWT itself has not expired. Types of modifications:
  * role's permissions change - revokes tokens of all users which have the role assigned
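
The mechanics described above, as an added example written for this page (it is not CzechIdM code and does not use the project's API): HS256 signing with the configured secret, the 10-minute expiration, a persisted token record that logout and the authorization-change processors disable, and the daily purge that deletes tokens expired more than 14 days ago. Only the Python standard library is used. The class and method names (''TokenStore'', ''issue'', ''verify'', ''logout'', ''revoke_user_tokens'', ''revoke_role_tokens'', ''purge''), the use of a ''jti'' claim to link a JWT to its database row, and the field layout of the ''IdmToken'' stand-in are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL = 10 * 60              # default token expiration: 10 minutes
PURGE_AFTER = 14 * 24 * 60 * 60  # purge deletes tokens expired more than 14 days ago


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass
class IdmToken:
    """Stand-in for the persisted IdmToken entity (field names are assumptions)."""
    id: str
    owner: str
    roles: frozenset
    authorities: frozenset
    expiration: int
    disabled: bool = False


class TokenStore:
    """In-memory model of the token table. `secret` plays the role of
    idm.sec.security.jwt.secret.token: an HS256 MAC key, so whoever reads it can mint tokens."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.tokens: Dict[str, IdmToken] = {}
        self._seq = 0

    def issue(self, username: str, roles, authorities, now: Optional[int] = None) -> str:
        """Mint an HS256 JWT and persist its record together with the authorities."""
        now = int(time.time()) if now is None else now
        self._seq += 1
        tid = f"token-{self._seq}"  # jti links the JWT to its database row (assumption)
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"sub": username, "jti": tid, "iat": now, "exp": now + TOKEN_TTL}
        signing_input = ".".join(
            _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
        sig = hmac.new(self.secret, signing_input.encode("ascii"), hashlib.sha256).digest()
        self.tokens[tid] = IdmToken(tid, username, frozenset(roles), frozenset(authorities), claims["exp"])
        return f"{signing_input}.{_b64url(sig)}"

    def verify(self, jwt: str, now: Optional[int] = None) -> Optional[IdmToken]:
        """Return the persisted record for a valid token, else None. A good signature is not
        enough: the row must exist and not be disabled, which is what makes logout work."""
        now = int(time.time()) if now is None else now
        try:
            h, p, s = jwt.split(".")
            header, claims, sig = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), _b64url_decode(s)
        except (ValueError, UnicodeDecodeError):
            return None
        # Pin the algorithm: the header is attacker-controlled ("none", RS256/HS256 confusion).
        if not isinstance(header, dict) or not isinstance(claims, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(self.secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return None
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        record = self.tokens.get(claims.get("jti"))
        if record is None or record.disabled or record.owner != claims.get("sub"):
            return None
        return record

    def logout(self, jwt: str, now: Optional[int] = None) -> bool:
        """Logout disables the persisted row; the JWT string itself cannot be recalled."""
        record = self.verify(jwt, now)
        if record is not None:
            record.disabled = True
        return record is not None

    def revoke_user_tokens(self, username: str) -> int:
        """Processor for a change to one identity's authorization: log that user out."""
        return self._disable(lambda t: t.owner == username)

    def revoke_role_tokens(self, role: str) -> int:
        """Processor for a role's permission change: log out every user holding the role."""
        return self._disable(lambda t: role in t.roles)

    def _disable(self, match: Callable[[IdmToken], bool]) -> int:
        hits = [t for t in self.tokens.values() if match(t) and not t.disabled]
        for t in hits:
            t.disabled = True
        return len(hits)

    def purge(self, now: Optional[int] = None) -> int:
        """Daily purge: delete every token expired more than 14 days ago, disabled or not."""
        now = int(time.time()) if now is None else now
        cutoff = now - PURGE_AFTER
        stale = [tid for tid, t in self.tokens.items() if t.expiration < cutoff]
        for tid in stale:
            del self.tokens[tid]
        return len(stale)
```

The point to take from ''verify'' is the order of checks: algorithm pinned to ''HS256'' before the signature is even computed, signature compared in constant time, ''exp'' enforced, and only then the database row consulted. The last step is what turns a stateless JWT into something that logout and the authorization-change processors can revoke immediately, instead of waiting out the 10-minute lifetime. Note also that ''purge'' keys on the expiration date alone: a disabled token whose expiration is less than 14 days old stays in the table until that window has passed.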
  
  
===== Devel Guide =====
  • by kotisovam