Max Podriezov

Hi, i think you can configure it inside the /src/services/jwt/index.js. There is a method called sign and according to the [documentation](https://www.npmjs.com/package/jsonwebtoken) you can provide "expiresIn" param.

@kcastrotech Thank you, it worked for me. I guess something is wrong with json to xml convertor. Is it a bug?

Hi, the [fix](https://github.com/Azure/api-management-developer-portal/commit/c6d71e3a6f5a572bd383888b3a099bf4f44c7812#diff-8fa4b52909f895e8cda060d2035234e0a42ca2c7d3f8f8de1b35a056537bf199R319) seems to be not deployed. The sanbox attribute on the iframe is not changed from "allow-same-origin allow-scripts allow-modals allow-forms allow-popups allow-popups-to-escape-sandbox allow-top-navigation allow-pointer-lock" to - "allow-scripts allow-modals...

Sorry, everything is up to date. There is some issue with this approach.. checking it..