Any upper limit for refreshing access token?

Not applicable

Would like to know how many times we can keep on refreshing the token to get new access tokens, which is represented by "refresh_count". Is there any upper limit to it?

{ 
    "application_name": "5d2892g7-72e8-629c-aa75-53dc8854cd11", 
    "scope": "DELETE READ WRITE", 
    "refresh_token_issued_at": 1432191985596, 
    "refresh_token_status": "approved", 
    "expires_in": 7199, 
    "client_id": "ysmvT5HwQrBOGqvijhc0G9Nl7l7K6L", 
    "old_access_token_life_time": "1257891846", 
    "access_token": "FWb1SZqkGvM16qhW18PQFjuqTeBV", 
    "refresh_count": 16,
    "issued_at": 1432191985596, 
    "grant_type": "authorization_code", 
    "status": "approved", 
    "api_product_list": "[sandbox_readwrite]", 
    "developer.email": "developer@example.com", 
    "token_type": "Bearer", 
    "refresh_token": "aAs0LhZObGIX691jPbd4hPeBR0wOtXF", 
    "refresh_token_expires_in": 0, 
    "organization_name": "something" 
}


Dear @Jayant Mukherjee ,

As far as I know, there is no upper limit on this. But you can use this flow variable and define restrictions based on your needs.

The refresh count value is available in the variable oauthv2accesstoken.{policyName}.refresh_count and can be used further in different flows / policies in your API proxy for access restrictions.

Cheers,

Anil Sagar

Thanks @asagar,

We don't want to restrict, but will then be using this feature for a different workflow, so just wanted to know if this refreshing can be done infinitely.

- Jayant

@Anil Sagar, can refresh_count be fetched from an expired access token? If not, then how to check the refresh_count prior to refreshing the access token?
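
An added example, not part of the original thread and not Apigee's own code: since refresh_count is returned in the token response shown in the question, an application can store it from the last response and consult it before the next refresh, applying its own restriction. The cap MAX_REFRESHES, the function names and the sample token values are assumptions; issued_at is treated as milliseconds and expires_in as seconds.

```python
import json

# Constructed sample that mirrors the fields of the token response in the
# question; the token strings are placeholders, not real credentials.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "EXAMPLE_ACCESS_TOKEN",
    "refresh_token": "EXAMPLE_REFRESH_TOKEN",
    "issued_at": 1432191985596,        # assumed: milliseconds since epoch
    "expires_in": 7199,                # seconds
    "refresh_count": 16,
    "refresh_token_status": "approved",
})

MAX_REFRESHES = 20  # hypothetical local policy, not a platform limit


def parse_token_state(raw):
    """Keep only what is needed to decide the next step for this session."""
    doc = json.loads(raw)
    return {
        "refresh_count": int(doc["refresh_count"]),
        "expires_at_ms": int(doc["issued_at"]) + int(doc["expires_in"]) * 1000,
        "refresh_ok": doc.get("refresh_token_status") == "approved",
    }


def next_action(state, now_ms, max_refreshes=MAX_REFRESHES):
    """Decide before calling the token endpoint, using the stored count."""
    if now_ms < state["expires_at_ms"]:
        return "use_access_token"
    # Access token expired: refresh only while the stored count is under
    # the local cap and the refresh token was still approved.
    if not state["refresh_ok"] or state["refresh_count"] >= max_refreshes:
        return "reauthorize"
    return "refresh"


if __name__ == "__main__":
    state = parse_token_state(SAMPLE_RESPONSE)
    print(next_action(state, now_ms=state["expires_at_ms"] + 1))
```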

Not applicable

@Jayant Mukherjee I am assuming you have systems in place to deal with access token/refresh token based security. I mean, why refresh a token when you can get a new one? There are tradeoffs here. Also, have the ability to store/revoke refresh tokens in your system.

Take a look at this small brief on why the concept of the refresh token exists.

http://www.ietf.org/mail-archive/web/oauth/current/msg06687.html

Please ignore if you have already taken care of all this.