cubejs-jwt-hs256-5min-exp-with-security-context

Cube.js API authentication uses HS256 JWT with a 5-minute expiry and an issuer lock, with per-request securityContext built from DB roles + workspaces + claims. The short expiry ensures role revocations propagate quickly. Contract-tested via mocked httpx; not verified against a live Cube.js instance with a seeded semantic model.

Related

• cube-query-uses-5min-hs256-jwt-with-security-context
• cube-js-widget-data-jwt-signing-pattern
• cubejs-jwt-pattern-hs256-5min-exp-issuer-locked
• cubejs-jwt-hs256-5min-exp-issuer-locked-security-context
• snowflake