alfred-mobile/AUTHENTIK_TOKEN_LIFETIME.md

# Extending OAuth Token Lifetime in Authentik

## Problem
The Alfred mobile app logs you out after ~5 minutes because the OAuth access tokens expire.

## Solution
Increase the token expiration time in Authentik.

## Steps

1. **Open Authentik Admin** → https://auth.dnspegasus.net/if/admin/

2. **Navigate to Applications**
   - Click "Applications" in the left sidebar
   - Find "alfred-mobile"
   - Click on it

3. **Edit the OAuth Provider**
   - Click "Edit Provider" or go to the linked provider
   - Look for **"Access token validity"** setting
   - Current value: `minutes=5` (5 minutes)
   
4. **Increase Token Lifetime**
   - Change to one of these values:
     - `minutes=60` (1 hour)
     - `minutes=240` (4 hours)  
     - `minutes=1440` (24 hours) **← Recommended for mobile**
     - `days=7` (1 week)
     - `days=30` (1 month)

5. **Save Changes**
   - Click "Update" or "Save"

6. **Test the App**
   - Log out of the Alfred app
   - Log back in
   - The session should now last much longer!

## Recommended Settings

For the **alfred-mobile** OAuth provider:
- **Access token validity**: `minutes=1440` (24 hours)
- **Refresh token validity**: `days=30` (30 days)

This way:
- You stay logged in for a full day
- The app can refresh the token for up to 30 days
- You only need to re-login once a month at most

## Note

The app currently doesn't implement token refresh, so it will log you out when the access token expires. Increasing the token lifetime is the simplest fix until we implement refresh token handling.