# Custom configuration items
Authing has always been committed to bringing developers a highly customized development experience. Therefore, we provide the following custom configuration items. Developers can balance security and convenience according to their business needs.
Developers can access the Authing console (opens new window) Basic Configuration -> Basic Settings -> App scan code to log in to the Web Define a custom configuration at.
# QR code valid time
The default is 120 s.
# Whether the query QR code status interface returns complete user information
Does not return by default. Since the interface for querying the QR code status does not have permission verification, it means that there is a security risk in returning user information (including the login credentials token) directly on this interface, so we recommend that developers follow the best practice: query QR code The status interface only returns the user's nickname and avatar, and uses the ticket in exchange for user information.
# ticket valid time
The default is 300 s.
# Is it allowed to use ticket in the browser in exchange for user information
Not allowed by default, it needs to be called on the server side, that is, after the user pool key is initialized. Click to learn how to initialize the backend SDK.
A typical usage scenario is: after the user scans the QR code to agree to authorization, the developer gets the ticket, sends it to his backend, uses the backend SDK to exchange user information, then redirects to the logged-in page, and writes the user information into localStroage.