I have a token generated using an OAuthV2 policy:
<OAuthV2 name="OAuthV2.GenerateAccessToken" continueOnError="false"> <Operation>GenerateAccessToken</Operation> <ExpiresIn ref="flow.expirationTime">3600000</ExpiresIn> .... .... <Attributes> <Attribute name="attr1" ref="request.formparam.attr1" display="true"/> <Attribute name="attr2" ref="request.formparam.attr2" display="true"/> </Attributes> </OAuthV2>
The token is binded with 2 attributes and expires after 3600 seconds.
Under certain conditions on attr1 and attr2 I want to force the token to expire before the real expiration time.
There is some way to do this inside a proxy or the only way is revoke the token using management API:
Solved! Go to Solution.
Hi @aatth1 - I don't think you can change the expiration of an existing token. As you probably found, the SetOAuthV2 policy does not allow you to change the expiration. Here's another answer I found that might help you that involves a possible workaround (which I've never tried myself):
https://community.apigee.com/questions/1994/is-there-a-way-to-update-expiry-time-of-an-existin.html
I hope that helps,
Will
Hi @aatth1 - I don't think you can change the expiration of an existing token. As you probably found, the SetOAuthV2 policy does not allow you to change the expiration. Here's another answer I found that might help you that involves a possible workaround (which I've never tried myself):
https://community.apigee.com/questions/1994/is-there-a-way-to-update-expiry-time-of-an-existin.html
I hope that helps,
Will
Thanks , this is what I was looking for.
In my case maybe I can just invalidate the token using the InvalidateToken operation.
But the workaround solution to modify the expiration time looks good to me.
Antonio
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |