Release/v0.4.1

README.md

@@ -121,6 +121,21 @@ mutation RefreshAuthToken {
 }
 ```
 
+## Filters
+
+The plugin offers some filters to hook into.
+
+### Change Auth Token expiration
+
+**Note: For security, we highly recommend, that the Auth Token is short lived. So do not set this higher than 300 seconds unless you know what you are doing.**
+
+```php
+add_filter('graphql_jwt_auth_expire', 60);
+```
+
+- Argument: Expiration in seconds
+- Default: 300
+
 
 ## Example using GraphiQL
 ![Example using GraphiQL](https://github.com/wp-graphql/wp-graphql-jwt-authentication/blob/master/img/jwt-auth-example.gif?raw=true)

src/Auth.php

@@ -105,19 +105,17 @@ public static function get_token_expiration() {
 			/**
 			 * Set the expiration time, default is 300 seconds.
 			 */
-			$expiration = self::get_token_issued() + 300;
+			$expiration = 300;
 
 			/**
-			 * Determine the expiration value. Default is 7 days, but is filterable to be configured as needed
+			 * Determine the expiration value. Default is 5 minutes, but is filterable to be configured as needed
 			 *
 			 * @param string $expiration The timestamp for when the token should expire
 			 */
-			self::$expiration = apply_filters( 'graphql_jwt_auth_expire', $expiration );
-
+			self::$expiration = self::get_token_issued() + apply_filters( 'graphql_jwt_auth_expire', $expiration );
 		}
 
 		return ! empty( self::$expiration ) ? self::$expiration : null;
-
 	}
 
 	/**