What's the standard lifetime of refresh token in case of Resource Credentials Password Grant Type?

AccessToken lifetime should be a few hours.

What about the RefreshToken TTL? Should it be a few hours / weeks / months? What's the Apigee standard?


Not applicable

I guess the answer would be it depends on the customer's security profile and how often the customer wants their login/password running on the wire. It could be along the same lines as accesstoken TTL. Not sure if this can be made as a standard practice.

The refresh token TTL can also have a number (number of times it can be used to generate an accesstoken) instead of TTL, although I have not personally tried this.

@pdani, that's correct. Do we have any examples of RefreshToken TTL? What's our recommended approach? Any examples of our customers' (without names) internal apps?

Here is what I found in the community for setting expiration on refresh token:

https://community.apigee.com/questions/1991/how-to-i-generate-different-expiry-time-for-refres.html
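
For reference, an added example that is not from any poster in this thread or from the linked question: an Apigee OAuthV2 policy for the password grant that sets the access token and refresh token lifetimes separately. The policy name, the flow variable `flow.refresh_ttl_ms` and the lifetime values are assumptions chosen for illustration, not an Apigee recommendation.

```xml
<!-- Added example. Policy name, flow variable and values are hypothetical. -->
<OAuthV2 name="OAuthV2-GenerateTokens-Password">
  <Operation>GenerateAccessToken</Operation>

  <!-- Access token lifetime in milliseconds: 1 hour (constructed value). -->
  <ExpiresIn>3600000</ExpiresIn>

  <!-- Refresh token lifetime in milliseconds: 30 days (constructed value).
       When the flow variable named in "ref" is set earlier in the flow,
       for example per app or per client risk profile, it overrides the
       literal default given as the element text. -->
  <RefreshTokenExpiresIn ref="flow.refresh_ttl_ms">2592000000</RefreshTokenExpiresIn>

  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>

  <!-- Where the policy reads the grant type and user credentials from. -->
  <GrantType>request.formparam.grant_type</GrantType>
  <UserName>request.formparam.username</UserName>
  <PassWord>request.formparam.password</PassWord>

  <GenerateResponse enabled="true"/>
</OAuthV2>
```

The refresh token lifetime bounds how long a client can keep obtaining access tokens without the user's password being sent again, so a shorter value puts the password on the wire more often and a longer value extends the window in which a stolen refresh token remains usable.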