Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Note |
---|
Keycloak integration is currently under active development as a new identity management and authentication provider which will provide advanced security and management functionality, including stronger password policies, 2-factor authentication, secure password reset functionality, and potential integration with Enterprise user stores via SAML/SSO. |
Live Search | ||||||
---|---|---|---|---|---|---|
|
Credentials
User accounts are secured and authenticated via email address and password.
Email addresses are initially validated upon account creation by sending an email with a secure (per user hash) URL which must be clicked on prior to the account being verified.
Tidepool users are required to have a password between 8 and 72 characters with no whitespace.
If an end user forgets their password, they can request their password be reset from our login page, which sends an email to the account of record that includes a reset link with a unique key.
Session Timeout and Password Policies
Tidepool does not have a user or clinic configurable timeout or password policy a at this time.
Tidepool users are required to have a password between 8 and 72
characters with no whitespace.
Session tokens will expire after 8 hours
of inactivity and 24 hours
maximum
Remember Me sessions - 7 days
of inactivity, 30 days
maximum
sample JWT session token (time is in Unix timestamp format)
Code Block | ||
---|---|---|
| ||
{"alg":"RS256","typ":"JWT"}.{"aud":"api.tidepool.org","dur":2592000 |
Page Tree |
---|