AI Content - JWT Expiration and Allowed Origins

[ata-wt]

Hello,

I've been exploring the AI feature but encountered some issues and questions that I couldn't find answers to in the documentation.

1. JWT Expiration Issue:

• I am able to generate a JWT using a secret key, but when I set an expiration time, it doesn't seem to take effect.

import jwt from "jsonwebtoken";
const token = jwt.sign({}, JWT_SECRET, { expiresIn: "1m" });

• Regardless of the expiration setting, the token appears valid for 24 hours, which could be a security concern if exploited by malicious users.
• Is there a proper way to enforce the expiration time correctly?
• Additionally, is there a recommended approach to invalidate an existing JWT before its expiration to prevent exploit? or do you have rate limiting etc?

2. Allowed Origins and Wildcards for Subdomains:

• I want to allow requests from multiple subdomains using a wildcard (e.g., *.example.com), but I haven't been able to get it working.

3. Documentation Improvements:

• Are there any plans to improve the documentation with more details, examples and troubleshooting steps?

Any guidance or best practices on these topics would be greatly appreciated. Thanks!

I also checked previous topics

404 -> #4983