Practise the standard verbs for managing JWT token expiry safely.
1 / 5
Fill in: 'We ___ a short expiry on every access token so a leaked one only stays valid briefly.'
We 'set an expiry' — the standard, simple collocation for configuring a token's validity window. The other options are less idiomatic here.
2 / 5
Fill in: 'A token issued without an exp claim can ___ a session valid indefinitely, which is a real security risk.'
We say a missing claim will 'leave' a session valid forever — the standard, natural collocation here. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ an expired token cleanly with a 401 instead of letting a downstream service reject it confusingly.'
We 'reject a token' — the standard, established auth collocation for refusing an invalid credential. The other options aren't the recognised term here.
4 / 5
Fill in: 'We ___ a refresh token securely so a short-lived access token can be renewed without a full re-login.'
We 'store' a token — the standard, simple collocation for persisting a credential securely. The other options are less idiomatic here.
5 / 5
Fill in: 'We ___ the signing key periodically so a compromised key only exposes a limited window of tokens.'
We 'rotate' a key — the standard, established security collocation for replacing credentials on a schedule. The other options aren't the recognised term here.