I altered the default workflow for POST /auth
to add a max-age for both the authorization token and the cookie that is set with the response. I am storing the max age value as an application global. The max-age template works fine for the set cookie header. But for the token, while it is generated and returned in the response, I am not able to use it in subsequent requests to authenticate against other experience endpoints.
If I alter the workflow to remove the max age on the auth token and re-deploy, the tokens will work again.
I am trying to set the max age to 2592000000 milliseconds (30 days) for both the cookie and auth token.