<@U04UQ68083H> what does the max_ttl setting in th...
# ory-copilot
s
@chilly-king-10285 what does the max_ttl setting in the jwt grant section of the config do?
c
A message from kapa.ai
The `max_ttl` setting in the JWT grant section of the Ory configuration is used to control the `exp` (expiration time) claim of a JWT (JSON Web Token). This claim restricts the time window during which the JWT can be used. For example, if you set `max_ttl=1h` using the Ory CLI, the JWT can be used for up to 1 hour from the time it was issued. Here is an example of how to set it using the Ory CLI:

```bash
ory patch oauth2-config \
  --replace "/oauth2/grant/jwt/max_ttl=1h"
```

This command sets the maximum time-to-live for the JWT to 1 hour. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/hydra/guides/jwt#jwt-assertion-validation-requirements).
s
@chilly-king-10285 There are other settings as well though that control some TTL settings like ttl.access_token. Do these override the grant jwt max_ttl?
c
A message from kapa.ai
The `ttl.access_token` and `/oauth2/grant/jwt/max_ttl` settings serve different purposes and do not override each other.

The `ttl.access_token` setting is used to control the lifespan of access tokens. This is a global setting that applies to all access tokens generated by Ory Hydra. Here's an example of how to set it:

```yaml
# hydra-config.yaml
hydra:
  config:
    ttl:
      access_token: 1h
```

And then apply it with helm:

```bash
helm install -f ./path/to/hydra-config.yaml ory/hydra
```

This configuration sets the lifespan of access tokens to 1 hour. You can find more details in the [Ory Hydra configuration documentation](https://www.ory.sh/docs/hydra/self-hosted/kubernetes-helm-chart#configuration).

On the other hand, the `/oauth2/grant/jwt/max_ttl` setting specifically controls the `exp` (expiration time) claim of a JWT when using the JWT Authorization Grant. This setting applies only to JWTs used in this context. Here's an example of how to set it:

```bash
ory patch oauth2-config \
  --replace "/oauth2/grant/jwt/max_ttl=1h"
```

This command sets the maximum time-to-live for the JWT to 1 hour. You can find more details in the [Ory Hydra JWT guide](https://www.ory.sh/docs/hydra/guides/jwt#jwt-assertion-validation-requirements).

So, in summary, these settings control different aspects of Ory Hydra's token handling and do not override each other.