[Solved] Experience Authenticate Node Max-Age

I altered the default workflow for POST /auth to add a max-age for both the authorization token and the cookie that is set with the response. I am storing the max age value as an application global. The max-age template works fine for the set cookie header. But for the token, while it is generated and returned in the response, I am not able to use it in subsequent requests to authenticate against other experience endpoints.

If I alter the workflow to remove the max age on the auth token and re-deploy, the tokens will work again.

I am trying to set the max age to 2592000000 milliseconds (30 days) for both the cookie and auth token.

You are absolutely right! Turns out this was a mismatch between what the text in the front end said and what the behavior of the node actually was (it was treating the value as an explicit timestamp, and not as a TTL). We have gone ahead and changed the behavior to match the description in the UI, since a TTL makes more sense here than a timestamp. So you should be able to now set a 30 day TTL on the token.

Thanks for the bug report!

1 Like