today
Configurable Token Expiration for Client-Side Hardening
We are excited to announce a new security capability for the Stigg Frontend SDK: Configurable Token Expiration for Client-Side Hardening.
This feature builds upon our Client-Side Hardening (HMAC verification), allowing you to define a specific validity window for your customer tokens.
🆕 What’s New
You can now include an expiration timestamp field (exp) within the customer token to set the desired session expiration time.
💡 Why This Matters
- Reduced Attack Surface: Limit the lifespan of client-side credentials.
- Compliance: Meet strict internal security requirements for token rotation and expiration.
- Granular Control: Choose an expiration window that fits your app’s session length (e.g., 15 minutes, 1 hour, or 24 hours).
🛠 Get started
To configure the expiration period, update your backend token generation logic to include the new expiration field.
Check out the updated Hardening Documentation to see full implementation details for your preferred language.
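As an added illustration (not Stigg's code and not the SDK's actual token format), the example below shows why the expiration has to be covered by the HMAC: the backend signs the customer ID and `exp` together, and the verifier rejects tokens that are expired or whose `exp` was edited after signing. The token layout, the `customerId` field name, the function names and the secret are assumptions made for this example; the Hardening Documentation defines the real format.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for this example; a real signing secret stays in
# server-side secret storage and never reaches the browser.
SIGNING_SECRET = b"demo-signing-secret-not-a-real-key"


def sign(body: bytes) -> bytes:
    """HMAC-SHA256 over the encoded payload, hex-encoded."""
    return hmac.new(SIGNING_SECRET, body, hashlib.sha256).hexdigest().encode()


def issue_token(customer_id, ttl_seconds, now=None):
    """Backend side: bind the customer ID and exp under one HMAC."""
    now = time.time() if now is None else now
    payload = {"customerId": customer_id, "exp": int(now) + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + sign(body).decode()


def verify_token(token, now=None):
    """Verifier side: return the customer ID or raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    # Check the MAC before parsing anything the client could have changed.
    # compare_digest runs in constant time, so it leaks no timing hints.
    if not hmac.compare_digest(sign(body.encode()), sig.encode()):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    exp = payload.get("exp")
    # A missing or non-integer exp is treated the same as an expired token.
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired")
    return payload["customerId"]


if __name__ == "__main__":
    token = issue_token("customer-123", ttl_seconds=15 * 60)
    print(token)
    print(verify_token(token))
```
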