If I use the authorization_code operation in an OAuth2 policy, is there a TTL associated with the authorization code that is returned? If so, is there a way to modify the TTL to a specified value? If not, is there an issued_at parameter that can be used to simulate a TTL during the exchange for the auth token?
Solved! Go to Solution.
There is TTL associated with authorization code. Tag 'ExpiresIn' can be used to specify a value.
There is TTL associated with authorization code. Tag 'ExpiresIn' can be used to specify a value.
Hmmm, I don't think there is a default lifetime documented. That's puzzling, isn't it? I think it's safe to assume "no expiry" if you don't set one.
The way to set the time-to-live on the code is with the ExpiresIn element:
<OAuthV2 name="GenerateAuthorizationCode"> <Operation>GenerateAuthorizationCode</Operation> <!-- ExpiresIn, in milliseconds. The ref is optional. The explicitly specified value is the default, when the variable reference cannot be resolved. 60000 = 1 minute 120000 = 2 minutes --> <ExpiresIn>60000</ExpiresIn> <GenerateResponse enabled="true"/> </OAuthV2>
I'll ask the team to amend the doc so that the sample policy configuration for this policy includes the ExpiresIn element.
Any update to the docs?
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |