Pelcro uses JSON Web Token (JWT), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. Once the user is authenticated, each subsequent request will require the JWT (auth_token), allowing the user to access routes, services, and resources that are permitted with that token. This implementation makes it easy to implement Single Sign-On across different domains and properties.
The length of time (in minutes) that the auth_token will be valid for is by default 14 days.
The length of time (in minutes) that the token can be refreshed. I.E. The user can refresh their token within a 2-week window of the original token being created until they must re-authenticate is by default 14 days.