Make jwt token expiration configurable

[keremkusmezer]

Generated jwt token has a default expiration value of 15 minutes, make it configurable from the settings or app config

[agustif]

JWT_EXPIRESIN=
environment variable

[adevinwild]

This key does not exist anywhere in the repository unless I am mistaken @agustif 🤔

I find this idea very relevant.
Here is what I could gather as information:

On the one hand the creation of an admin session expires after 24 hours.
On the other hand for the store, it is done after 30 days.

How do you get 15 minutes? Is the authentication decoupled from the medusa package (back-end)?

References :
Admin

medusa/packages/medusa/src/api/routes/admin/auth/create-session.ts

Line 90 in 6481b0c

expiresIn: "24h",

Store

medusa/packages/medusa/src/api/routes/store/auth/create-session.ts

Line 84 in 6481b0c

expiresIn: "30d",

[agustif]

You're right, sorry for the mix up

[adevinwild]

Hi @keremkusmezer 👋

Since v̶.̶1̶.̶7̶.̶1̶.̶3̶ v.1.7.6 it's allowed to tweak the max age of a session cookie : 9ebb501

[olivermrbl]

Thanks for pitching in @adevinwild. A minor correction - the options were added in v1.7.6 😊

[adevinwild]

Thanks for pitching in @adevinwild. A minor correction - the options were added in v1.7.6 😊

Oops, thanks for the right version number 😬😊