Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> What is the difference between the oauth2.grant.jwt.max_ttl setting and the strategies.ttl setting in the oauth config?

I'm sorry, but the provided knowledge sources do not contain information about a `strategies.ttl` setting in the OAuth config. However, I can tell you about the `/oauth2/grant/jwt/max_ttl` setting. This setting controls the maximum time-to-live (TTL) for a JSON Web Token (JWT). It restricts the time window during which the JWT can be used. You can configure this setting using the Ory CLI as shown in the example below:  ```bash ory patch oauth2-config \     --replace "/oauth2/grant/jwt/max_ttl=1h"   ```  This command sets the maximum TTL for a JWT to 1 hour. After this period, the JWT will no longer be valid.  For more information about the `strategies.ttl` setting, I would recommend checking the Ory documentation or the specific guide for the feature you're using.  Sources: - [Configuring JWT validation parameters](<https://www.ory.sh/docs/hydra/guides/jwt#configuring-jwt-validation-parameters>) - [Ory patch oauth2-config](<https://www.ory.sh/docs/cli/ory-patch-oauth2-config#ory-patch-oauth2-config>)