[Team Experiments] Token expiration, from hour to days

Xee Engineering
Aug 9, 2016


Today, we looked at a bug we have had for a long time: the token duration bug.

The problem

https://github.com/xee-lab/xee-api-docs/issues/24

For those who are wondering what this bug was, here is a summary.

  1. We wanted the token life to be short! (More secure).
  2. We made it short (3600 seconds).
  3. We found issues in the flow, so while fixing the issue, we made it longer (13060800 seconds).
  4. We fixed the issue and set the token verification back to 3600 seconds.

The problem is that when tokens were created, we didn’t set the lifetime back to 3600 seconds, so:

  • Tokens were provided with a lifetime of 13060800 seconds
  • In the APIs, tokens were considered expired after 3600 seconds
http://giphy.com/gifs/facepalm-ciumes-zNrg4ulntLBMk

The solution

We finally agreed on a fix:

  • Now the tokens have a lifetime of 172800 seconds (48 hours)

Why? Because life is too short to refresh tokens every hour!

(But we also think that refreshing tokens is a good practice)

The consequences

  • You might have to refresh the token sooner than expected! But it will continue to work as expected
  • Now the expires_in value can be trusted
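
The mismatch described above, replayed as an added example (not Xee's code): a constructed client that schedules its refreshes from expires_in, run against an API that enforces its own lifetime, followed by a deployment-time guard that rejects the inconsistent pair. The function names, the polling interval and the refresh margin are assumptions; the three lifetimes are the ones quoted in this post.

```python
# Added example: constructed simulation, not Xee's implementation.
# Function names, polling interval and refresh margin are assumptions.

ADVERTISED_BUGGY = 13060800  # expires_in handed out with the token (from the post)
ENFORCED_BUGGY = 3600        # lifetime the APIs actually applied (from the post)
LIFETIME_FIXED = 172800      # single value after the fix, 48 hours (from the post)

WEEK = 7 * 24 * 3600


def rejected_calls(advertised, enforced, duration=WEEK, interval=600, margin=600):
    """Count API calls rejected for a client that schedules refreshes from expires_in.

    advertised: expires_in value returned when the token is issued
    enforced:   lifetime the API applies when it verifies the token
    """
    issued_at = 0
    rejected = 0
    for now in range(0, duration, interval):
        # Client side: refresh only when its own bookkeeping says expiry is near.
        if now - issued_at >= advertised - margin:
            issued_at = now
        # Server side: the API measures token age against its own limit.
        if now - issued_at >= enforced:
            rejected += 1
    return rejected


def check_lifetimes(advertised, enforced):
    """Deployment-time guard: the issuer must never promise more than the API honours."""
    if advertised > enforced:
        raise ValueError(
            f"expires_in={advertised}s exceeds enforced lifetime {enforced}s"
        )
    return True


if __name__ == "__main__":
    print("buggy:", rejected_calls(ADVERTISED_BUGGY, ENFORCED_BUGGY))
    print("fixed:", rejected_calls(LIFETIME_FIXED, LIFETIME_FIXED))
    check_lifetimes(LIFETIME_FIXED, LIFETIME_FIXED)
```

With the buggy pair, every call after the first hour is rejected even though the client still believes its token is valid; with one shared lifetime the client refreshes before the API's limit and nothing is rejected.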
