Pelcro uses JSON Web Token (JWT), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. Once the user is authenticated, each subsequent request will require the JWT (auth_token), allowing the user to access routes, services, and resources that are permitted with that token. This implementation makes it easy to implement Single Sign-On across different domains and properties.

Time to live

The length of time (in minutes) that the auth_token will be valid for is by default 14 days.

Refresh time to live

The length of time (in minutes) that the token can be refreshed. I.E. The user can refresh their token within a 2-week window of the original token being created until they must re-authenticate is by default 14 days.