How to set the same ExpiresIn (ttl) in the refresh token?


How to set the same ExpiresIn time for both the access token and the refresh token? The ExpiresIn time in the token generation (access token) flow is derived from a back end service. I need to use the same value for the refresh token. I tried to set this time in a custom attribute; however, these custom attributes are available only after generation of the refresh token. The GetOAuthV2Info policy is not returning custom attributes.

Solved

1 ACCEPTED SOLUTION


Thanks. This is resolved. I am able to extract custom attributes in GetOAuthV2Info. Here are the policies -

Generate token policy (set ttl as custom attribute) -

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-ValidateKeySecret">
    <DisplayName>OAuth-ValidateKeySecret</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <!-- token.ttl (milliseconds) is set from the back end earlier in the flow; 400000 is the fallback -->
    <ExpiresIn ref="token.ttl">400000</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GrantType>request.formparam.grant_type</GrantType>
    <UserName>request.formparam.username</UserName>
    <PassWord>request.formparam.password</PassWord>
    <Attributes>
        <!-- store the same ttl on the token so the refresh flow can read it back -->
        <Attribute name="ttl" ref="token.ttl">400000</Attribute>
    </Attributes>
    <GenerateResponse enabled="true"/>
    <GenerateErrorResponse enabled="true"/>
</OAuthV2>

Get OAuth info (this is to read custom attribute ttl)

<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="GetOAuth-GetAttribute">
    <DisplayName>GetOAuth-GetAttribute</DisplayName>
    <RefreshToken ref="request.formparam.refreshtoken"/>
    <IgnoreAccessTokenStatus>true</IgnoreAccessTokenStatus>
</GetOAuthV2Info>

Token Refresh

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-TokenRefresh">
    <DisplayName>OAuth-TokenRefresh</DisplayName>
    <Operation>RefreshAccessToken</Operation>
    <!-- ttl attribute populated by the GetOAuth-GetAttribute policy, which must run before this one -->
    <ExpiresIn ref="oauthv2accesstoken.GetOAuth-GetAttribute.accesstoken.ttl">400000</ExpiresIn>
    <GrantType>request.formparam.grant_type</GrantType>
    <RefreshToken>request.formparam.refreshtoken</RefreshToken>
    <GenerateResponse enabled="true"/>
</OAuthV2>

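The accepted solution lists the three policies but not how they are chained, nor where token.ttl comes from. The following is an added example (my own, not code from the original poster or from Apigee): a ProxyEndpoint that runs the policies in the order the solution relies on, plus an assumed ServiceCallout/ExtractVariables pair that populates token.ttl from the back end. The policy names OAuth-ValidateKeySecret, GetOAuth-GetAttribute and OAuth-TokenRefresh are taken from the accepted solution; the flow names, the /oauth/token path, the back end URL https://backend.example.com, its /token-policy endpoint and its ttl_ms JSON field are assumptions.

```xml
<!-- apiproxy/proxies/default.xml (assumed layout) -->
<ProxyEndpoint name="default">
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <Flows>
        <!-- Password grant: token.ttl must exist before OAuth-ValidateKeySecret runs,
             so that ExpiresIn and the stored "ttl" attribute carry the same value. -->
        <Flow name="GenerateToken">
            <Condition>proxy.pathsuffix MatchesPath "/token" and request.verb = "POST" and request.formparam.grant_type = "password"</Condition>
            <Request>
                <Step><Name>SC-LookupTtl</Name></Step>      <!-- assumed: asks the back end for the ttl -->
                <Step><Name>EV-ExtractTtl</Name></Step>     <!-- assumed: sets token.ttl from the callout response -->
                <Step><Name>OAuth-ValidateKeySecret</Name></Step>
            </Request>
            <Response/>
        </Flow>
        <!-- Refresh grant: read the stored attribute first, then refresh with it. -->
        <Flow name="RefreshToken">
            <Condition>proxy.pathsuffix MatchesPath "/token" and request.verb = "POST" and request.formparam.grant_type = "refresh_token"</Condition>
            <Request>
                <Step><Name>GetOAuth-GetAttribute</Name></Step>
                <Step><Name>OAuth-TokenRefresh</Name></Step>
            </Request>
            <Response/>
        </Flow>
    </Flows>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <HTTPProxyConnection>
        <BasePath>/oauth</BasePath>
    </HTTPProxyConnection>
    <!-- the OAuthV2 policies generate the response themselves, so no target is routed -->
    <RouteRule name="NoRoute"/>
</ProxyEndpoint>

<!-- apiproxy/policies/SC-LookupTtl.xml (assumed back end and endpoint) -->
<ServiceCallout async="false" continueOnError="false" enabled="true" name="SC-LookupTtl">
    <DisplayName>SC-LookupTtl</DisplayName>
    <Request variable="ttlRequest">
        <Set>
            <Verb>GET</Verb>
            <Path>/token-policy</Path>
        </Set>
    </Request>
    <Response>ttlResponse</Response>
    <HTTPTargetConnection>
        <URL>https://backend.example.com</URL>
    </HTTPTargetConnection>
</ServiceCallout>

<!-- apiproxy/policies/EV-ExtractTtl.xml: {"ttl_ms": 300000} -> token.ttl = "300000" (field name assumed) -->
<ExtractVariables async="false" continueOnError="false" enabled="true" name="EV-ExtractTtl">
    <DisplayName>EV-ExtractTtl</DisplayName>
    <Source clearPayload="false">ttlResponse</Source>
    <JSONPayload>
        <Variable name="ttl" type="string">
            <JSONPath>$.ttl_ms</JSONPath>
        </Variable>
    </JSONPayload>
    <!-- VariablePrefix + Variable name gives the token.ttl variable the OAuthV2 policy references -->
    <VariablePrefix>token</VariablePrefix>
    <!-- false: fault if the back end response has no ttl_ms, rather than silently minting with the fallback -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</ExtractVariables>
```

Two points to check when deploying this: the step order in the RefreshToken flow is what makes the solution work, since oauthv2accesstoken.GetOAuth-GetAttribute.accesstoken.ttl only exists after GetOAuth-GetAttribute has run, and a token issued before the "ttl" attribute was added has no attribute to read, so such a refresh falls back to the 400000 ms default written in the policy. Because token.ttl is taken from an external response, it is worth bounding it (for example with a RaiseFault step conditioned on the value) before it reaches ExpiresIn, so that a misbehaving back end cannot mint unexpectedly long-lived tokens.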

7 REPLIES


Hello @Sujnana Rai,

You need to set the ExpiresIn and RefreshTokenExpiresIn parameters with desired value. Something like this:

<OAuthV2 async="false" continueOnError="false" enabled="true" name="RefreshAccessToken">
<DisplayName>RefreshAccessToken</DisplayName>
<Operation>RefreshAccessToken</Operation>
<ExpiresIn ref="myAccessTokenExpiryTime">3600000</ExpiresIn>
<RefreshTokenExpiresIn ref="myRefTokenExpiryTime">36000000</RefreshTokenExpiresIn>
<ClientId>client_id</ClientId>
<RefreshToken>refresh_token</RefreshToken>
<Scope>scope</Scope>
<GenerateResponse enabled="true"/>
<Attributes/>
</OAuthV2>

Hope this helps!

Hi Maghdeep,

I tried with the code below, but it is not working. The refresh token is taking the default value for ExpiresIn.

Generate Access Policy -

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuthV2-GenerateAccessToken">
    <DisplayName>OAuthV2-GenerateAccessToken</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <ExternalAccessToken>idToken</ExternalAccessToken>
    <!-- This is in milliseconds -->
    <ExpiresIn ref="token.ttl">400000</ExpiresIn>
    <RefreshTokenExpiresIn ref="token.ttl">400000</RefreshTokenExpiresIn>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GrantType>token.grantType</GrantType>
    <UserName>token.userName</UserName>
    <PassWord>token.password</PassWord>
    <Attributes>
        <Attribute name="clientIP" ref="token.clientIP"/>
        <Attribute name="ttl" ref="token.ttl"/>
    </Attributes>
    <GenerateResponse enabled="true"/>
    <GenerateErrorResponse enabled="true"/>
</OAuthV2>

Refresh Token policy -

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuthV2-AccessTokenRefresh">
    <DisplayName>OAuthV2-AccessTokenRefresh</DisplayName>
    <Operation>RefreshAccessToken</Operation>
    <GrantType>request.formparam.grant_type</GrantType>
    <RefreshToken>request.formparam.refreshtoken</RefreshToken>
    <GenerateResponse enabled="true"/>
</OAuthV2>

Note that I need to use the same ttl for both the access token and the refresh token. The value for ExpiresIn is received from the back end service in the access token flow and is not available in the refresh token flow.

Hello @Sujnana Rai,

1. How do you know that it's not working? Have you done a verify access token and seen the value of this parameter?

2. Have you checked that "token.ttl" is not null?

3. You also have to include the same 2 parameters in the RefreshAccessToken operation. That means you need to make the two parameters available to be used.

Hi Meghdeep,

Yes, I verified it through verify access token. The token.ttl is not null (verified in trace). If it were null then it should set 400000 ms, and the refresh token should also use the same value.

The token.ttl is not available in the RefreshAccessToken flow, as it comes from the back end service. Hence it is not included in RefreshAccessToken. Actually, this is the issue I am facing here. I need to get the ExpiresIn value that is set in the access token and pass it to RefreshAccessToken.

So, what is the value you see in verify access token? 400000 or the variable?

It starts from the value of token.ttl and decreases.
