Hi,
I would like to know if there is a way we can limit the number of refresh token generations in the Apigee OAuth v2 policy. If an out-of-the-box solution is not available, please let me know how this can be achieved in Apigee.
Note: Reusetoken will be set to "false", so each time we use the refresh token we get a new pair of refresh and access tokens, and the old tokens will become invalid.
Refresh_count gives the number of times the same refresh token is used, hence this variable is of no use in my case.
Can you try something like this? Use the SetOAuthV2Info policy to set and update a custom attribute on the refresh_token (named rcount maybe?) after each successful refresh. You will need to have read the rcount from the prior generation of the token. Maybe via GetOAuthV2Info, prior to calling OAuthV2/RefreshAccessToken.
The result is, rather than simply using OAuthV2/RefreshAccessToken, you will have five steps:
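An added illustration, not part of the answer above and not Apigee policy configuration: a small in-memory JavaScript model of the rcount idea, showing the counter being read from the prior refresh token, checked, and carried onto the rotated one. The names `issueTokens`, `refreshWithLimit` and `MAX_REFRESHES`, the limit of 3, and the choice to revoke the token once the limit is hit are all assumptions made for the example.

```javascript
// Model only: a Map stands in for the token store, and the handles below are
// sequence-based placeholders (a real authorization server mints random tokens).
const MAX_REFRESHES = 3;            // assumed limit per original grant
const store = new Map();            // refresh_token -> { subject, rcount }
let seq = 0;
const newHandle = (kind) => `${kind}-${++seq}`;

// Initial grant: the first refresh token starts with rcount = 0.
function issueTokens(subject) {
  const pair = { access_token: newHandle('at'), refresh_token: newHandle('rt') };
  store.set(pair.refresh_token, { subject, rcount: 0 });
  return pair;
}

function refreshWithLimit(refreshToken) {
  // Read rcount from the presented (prior-generation) refresh token.
  const prior = store.get(refreshToken);
  if (!prior) {
    return { error: 'invalid_grant', reason: 'unknown or already-rotated token' };
  }

  // Enforce the limit before any new token is minted.
  if (prior.rcount >= MAX_REFRESHES) {
    store.delete(refreshToken);     // assumed choice: force a fresh login
    return { error: 'invalid_grant', reason: 'refresh limit reached' };
  }

  // Rotate: with token reuse disabled the old refresh token becomes invalid.
  store.delete(refreshToken);
  const pair = { access_token: newHandle('at'), refresh_token: newHandle('rt') };

  // Carry the incremented counter onto the new refresh token.
  const rcount = prior.rcount + 1;
  store.set(pair.refresh_token, { subject: prior.subject, rcount });
  return { ...pair, rcount };
}
```

Because the counter travels with each new refresh token rather than staying on the one that was presented, the limit applies to the whole chain that started with the original grant.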
Thank you dchiesa for the suggestion, will try it out.
General question.
Is it a new implementation? If yes, please move away from the password grant type.