((META (EMPTY-STRING title "Access token") (WORD role "manual") (TAG-SET tags ("#authentication" "#configuration" "#manual" "#security" "#zettelstore")) (WORD syntax "zmk") (ZID-SET back ("00001010000000" "00001012000000")) (ZID-SET backward ("00001004010000" "00001010000000" "00001012000000" "00001012050200")) (NUMBER box-number "1") (STRING copyright "(c) 2020-present by Detlef Stern <ds@zettelstore.de>") (TIMESTAMP created "00010101000000") (ZID-SET forward ("00001004010000" "00001012050200" "00001012050400" "00001014000000")) (WORD lang "en") (EMPTY-STRING license "EUPL-1.2-or-later") (TIMESTAMP modified "20211202120950") (TIMESTAMP published "20211202120950") (WORD visibility "public")) (BLOCK (PARA (TEXT "If") (SPACE) (TEXT "an") (SPACE) (TEXT "user") (SPACE) (TEXT "is") (SPACE) (TEXT "authenticated,") (SPACE) (TEXT "an") (SPACE) (FORMAT-QUOTE () (TEXT "access") (SPACE) (TEXT "token")) (SPACE) (TEXT "is") (SPACE) (TEXT "created") (SPACE) (TEXT "that") (SPACE) (TEXT "must") (SPACE) (TEXT "be") (SPACE) (TEXT "sent") (SPACE) (TEXT "with") (SPACE) (TEXT "every") (SPACE) (TEXT "request") (SPACE) (TEXT "to") (SPACE) (TEXT "prove") (SPACE) (TEXT "the") (SPACE) (TEXT "identity") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (TEXT "caller.") (SOFT) (TEXT "Otherwise") (SPACE) (TEXT "the") (SPACE) (TEXT "user") (SPACE) (TEXT "will") (SPACE) (TEXT "not") (SPACE) (TEXT "be") (SPACE) (TEXT "recognized") (SPACE) (TEXT "by") (SPACE) (TEXT "Zettelstore.")) (PARA (TEXT "If") (SPACE) (TEXT "the") (SPACE) (TEXT "user") (SPACE) (TEXT "was") (SPACE) (TEXT "authenticated") (SPACE) (TEXT "via") (SPACE) (TEXT "the") (SPACE) (LINK-ZETTEL () "00001014000000" (TEXT "web") (SPACE) (TEXT "user") (SPACE) (TEXT "interface")) (TEXT ",") (SPACE) (TEXT "the") (SPACE) (TEXT "access") (SPACE) (TEXT "token") (SPACE) (TEXT "is") (SPACE) (TEXT "stored") (SPACE) (TEXT "in") (SPACE) (TEXT "a") (SPACE) (LINK-EXTERNAL () "https://en.wikipedia.org/wiki/HTTP_cookie#Session_cookie" (FORMAT-QUOTE () (TEXT "session") (SPACE) (TEXT "cookie"))) (TEXT ".") (SOFT) (TEXT "When") (SPACE) (TEXT "the") (SPACE) (TEXT "web") (SPACE) (TEXT "browser") (SPACE) (TEXT "is") (SPACE) (TEXT "closed,") (SPACE) (TEXT "theses") (SPACE) (TEXT "cookies") (SPACE) (TEXT "are") (SPACE) (TEXT "not") (SPACE) (TEXT "saved.") (SOFT) (TEXT "If") (SPACE) (TEXT "you") (SPACE) (TEXT "want") (SPACE) (TEXT "web") (SPACE) (TEXT "browser") (SPACE) (TEXT "to") (SPACE) (TEXT "store") (SPACE) (TEXT "the") (SPACE) (TEXT "cookie") (SPACE) (TEXT "as") (SPACE) (TEXT "long") (SPACE) (TEXT "as") (SPACE) (TEXT "lifetime") (SPACE) (TEXT "of") (SPACE) (TEXT "that") (SPACE) (TEXT "token,") (SPACE) (TEXT "the") (SPACE) (TEXT "owner") (SPACE) (TEXT "must") (SPACE) (TEXT "set") (SPACE) (LITERAL-INPUT () "persistent-cookie") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (LINK-ZETTEL () "00001004010000" (TEXT "startup") (SPACE) (TEXT "configuration")) (SPACE) (TEXT "to") (SPACE) (LITERAL-INPUT () "true") (TEXT ".")) (PARA (TEXT "If") (SPACE) (TEXT "the") (SPACE) (TEXT "web") (SPACE) (TEXT "browser") (SPACE) (TEXT "remains") (SPACE) (TEXT "inactive") (SPACE) (TEXT "for") (SPACE) (TEXT "a") (SPACE) (TEXT "period,") (SPACE) (TEXT "the") (SPACE) (TEXT "user") (SPACE) (TEXT "will") (SPACE) (TEXT "be") (SPACE) (TEXT "automatically") (SPACE) (TEXT "logged") (SPACE) (TEXT "off,") (SPACE) (TEXT "because") (SPACE) (TEXT "each") (SPACE) (TEXT "access") (SPACE) (TEXT "token") (SPACE) (TEXT "has") (SPACE) (TEXT "a") (SPACE) (TEXT "limited") (SPACE) (TEXT "lifetime.") (SOFT) (TEXT "The") (SPACE) (TEXT "maximum") (SPACE) (TEXT "length") (SPACE) (TEXT "of") (SPACE) (TEXT "this") (SPACE) (TEXT "period") (SPACE) (TEXT "is") (SPACE) (TEXT "specified") (SPACE) (TEXT "by") (SPACE) (TEXT "the") (SPACE) (LITERAL-INPUT () "token-lifetime-html") (SPACE) (TEXT "value") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (TEXT "startup") (SPACE) (TEXT "configuration.") (SOFT) (TEXT "Every") (SPACE) (TEXT "time") (SPACE) (TEXT "a") (SPACE) (TEXT "web") (SPACE) (TEXT "page") (SPACE) (TEXT "is") (SPACE) (TEXT "displayed,") (SPACE) (TEXT "a") (SPACE) (TEXT "fresh") (SPACE) (TEXT "token") (SPACE) (TEXT "is") (SPACE) (TEXT "created") (SPACE) (TEXT "and") (SPACE) (TEXT "stored") (SPACE) (TEXT "inside") (SPACE) (TEXT "the") (SPACE) (TEXT "cookie.")) (PARA (TEXT "If") (SPACE) (TEXT "the") (SPACE) (TEXT "user") (SPACE) (TEXT "was") (SPACE) (TEXT "authenticated") (SPACE) (TEXT "via") (SPACE) (TEXT "the") (SPACE) (TEXT "API,") (SPACE) (TEXT "the") (SPACE) (TEXT "access") (SPACE) (TEXT "token") (SPACE) (TEXT "will") (SPACE) (TEXT "be") (SPACE) (TEXT "returned") (SPACE) (TEXT "as") (SPACE) (TEXT "the") (SPACE) (TEXT "content") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (TEXT "response.") (SOFT) (TEXT "Typically,") (SPACE) (TEXT "the") (SPACE) (TEXT "lifetime") (SPACE) (TEXT "of") (SPACE) (TEXT "this") (SPACE) (TEXT "token") (SPACE) (TEXT "is") (SPACE) (TEXT "more") (SPACE) (TEXT "short") (SPACE) (TEXT "term,") (SPACE) (TEXT "e.g.") (SPACE) (TEXT "10") (SPACE) (TEXT "minutes.") (SOFT) (TEXT "It") (SPACE) (TEXT "is") (SPACE) (TEXT "specified") (SPACE) (TEXT "by") (SPACE) (TEXT "the") (SPACE) (LITERAL-INPUT () "token-lifetime-api") (SPACE) (TEXT "value") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (TEXT "startup") (SPACE) (TEXT "configuration.") (SOFT) (TEXT "If") (SPACE) (TEXT "you") (SPACE) (TEXT "need") (SPACE) (TEXT "more") (SPACE) (TEXT "time,") (SPACE) (TEXT "you") (SPACE) (TEXT "can") (SPACE) (TEXT "either") (SPACE) (LINK-ZETTEL () "00001012050200" (TEXT "re-authenticate")) (SPACE) (TEXT "the") (SPACE) (TEXT "user") (SPACE) (TEXT "or") (SPACE) (TEXT "use") (SPACE) (TEXT "an") (SPACE) (TEXT "API") (SPACE) (TEXT "call") (SPACE) (TEXT "to") (SPACE) (LINK-ZETTEL () "00001012050400" (TEXT "renew") (SPACE) (TEXT "the") (SPACE) (TEXT "access") (SPACE) (TEXT "token")) (TEXT ".")) (PARA (TEXT "If") (SPACE) (TEXT "you") (SPACE) (TEXT "remotely") (SPACE) (TEXT "access") (SPACE) (TEXT "your") (SPACE) (TEXT "Zettelstore") (SPACE) (TEXT "via") (SPACE) (TEXT "HTTP") (SPACE) (TEXT "(not") (SPACE) (TEXT "via") (SPACE) (TEXT "HTTPS,") (SPACE) (TEXT "which") (SPACE) (TEXT "allows") (SPACE) (TEXT "encrypted") (SPACE) (TEXT "communication),") (SPACE) (TEXT "your") (SPACE) (TEXT "must") (SPACE) (TEXT "set") (SPACE) (TEXT "the") (SPACE) (LITERAL-INPUT () "insecure-cookie") (SPACE) (TEXT "value") (SPACE) (TEXT "of") (SPACE) (TEXT "the") (SPACE) (TEXT "startup") (SPACE) (TEXT "configuration") (SPACE) (TEXT "to") (SPACE) (LITERAL-INPUT () "true") (TEXT ".") (SOFT) (TEXT "In") (SPACE) (TEXT "most") (SPACE) (TEXT "cases,") (SPACE) (TEXT "such") (SPACE) (TEXT "a") (SPACE) (TEXT "scenario") (SPACE) (TEXT "is") (SPACE) (TEXT "not") (SPACE) (TEXT "recommended,") (SPACE) (TEXT "because") (SPACE) (TEXT "user") (SPACE) (TEXT "name") (SPACE) (TEXT "and") (SPACE) (TEXT "password") (SPACE) (TEXT "will") (SPACE) (TEXT "be") (SPACE) (TEXT "transferred") (SPACE) (TEXT "as") (SPACE) (TEXT "plain") (SPACE) (TEXT "text.") (SOFT) (TEXT "You") (SPACE) (TEXT "could") (SPACE) (TEXT "make") (SPACE) (TEXT "use") (SPACE) (TEXT "of") (SPACE) (TEXT "such") (SPACE) (TEXT "scenario") (SPACE) (TEXT "if") (SPACE) (TEXT "you") (SPACE) (TEXT "know") (SPACE) (TEXT "all") (SPACE) (TEXT "parties") (SPACE) (TEXT "that") (SPACE) (TEXT "access") (SPACE) (TEXT "the") (SPACE) (TEXT "local") (SPACE) (TEXT "network") (SPACE) (TEXT "where") (SPACE) (TEXT "you") (SPACE) (TEXT "access") (SPACE) (TEXT "the") (SPACE) (TEXT "Zettelstore."))))