Clarity on the maxTimeToLive passed in authClient for Internet Identity

The documentation here talks about DelegationIdentitybeing valid with the set maxTimeToLive.

The II interface spec too talks about it here

The questions I have are:

  • What is the default value in case nothing is passed?
  • Is there a way to obtain a DelegationIdentity that doesn’t expire?
  • What is the exact max value that can be passed?
1 Like

This says 8 hours:

But I’ve been getting logged out after about 30 minutes:

I would like to know this too.

BigInts are supposed to be arbitrarily large but in practice it seems to be implementation-specific:

javascript - What's the biggest BigInt value in js as per spec - Stack Overflow


Right, my use case is primarily syncing data between devices, so I am primarily looking for a way to have auth never expire. In case it absolutely has to, I am looking for the maximum possible value that the IC supports. I was reading on this thread that it’s close to 8 days, but knowing the EXACT maximum value that is practically possible would be helpful

@kpeacock @PaulLiu Any thoughts?

@saikatdas0790: The exact maximum value has been increased to 30 days.

We are aware, that there are many use cases for which delegations without expiry would be helpful. However, these are problematic from a security perspective. So what we will most likely implement in the future are short-lived delegations that can be refreshed.

Unfortunately though, this is only a plan so far and I cannot give you a timeline of when this feature will be ready. The most up to date information can be found here: Internet Identity Roadmap Update, June 2022

1 Like

Thank you for the clarity. 30 days will work for now

Additionally, for long-term usage you can use identities that are not delegated at all, although this requires you to securely save the public-private keypair