Support User-Level Auth Token Expiration

🔍 Problem Statement

As a platform administrator, I experience a fixed, non-configurable authentication token TTL enforced at the JS-SDK level, which results in an inability to align session lifetimes with site-specific security and user experience policies — forcing either premature re-authentication or longer-than-desired session windows that cannot be tuned per environment or audience.

💡 User Story

As a platform administrator, I want to configure the authentication token TTL from the platform settings, so that the JS-SDK consumes that configuration and enforces the desired session lifetime without requiring code changes or redeployments.

🎯 Definition of Done (DoD)

✔ Given an account owner configures a custom session duration in the platform settings, when a user signs in, then their session remains active for exactly the configured duration.

✔ Given the account owner updates the session duration setting, when users sign in afterward, then the new duration is automatically applied without requiring frontend code changes or deployments.

✔ Given the session duration setting UI is displayed, when configuring the value, then:

• The admin can enter a numeric value.

• The admin can select a duration unit (e.g., days or months).

• The minimum accepted value must be a positive number.

• Upper-bound limitations are validated based on platform-defined security constraints.

✔ This change will impact:

• Admin Platform — a new setting allowing configuration of authentication/session duration.

• Authentication System — token/session issuance based on configured TTL.

• Frontend JS-SDK — consumption and enforcement of the configured token lifetime.

• Website User Experience — sessions automatically respect the configured duration.

• Documentation — updated implementation and configuration guidance.