SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I was using the session with jwt enabled , i noticed one thing that the jwt expiry is default to 1 hr, in-spite of adding ACCESS_TOKEN_VALIDITY

Oh really! Can you please open an issue about this? May be a bug

https://github.com/supertokens/supertokens-core/issues/482

My bad i closed the issue since the config error was on my end i had two core service running 😳

I did see that there is an off set of 30 seconds between the access token and jwt expiry, is this by design

Its there cause when you do `getAccessTokenPayload()`, that decides if a refresh is needed based on the access token's lifetime.

There might be an edge case where right before the access token is about to expire, you call the function, and it doesn't refresh. The resulting JWT in that case, if used to send to another service, can hence be expired. So to sort of relax this edge case a bit, we added an extra 30 secs to the JWT expiry.