Would like to know how many times we can keep refreshing the token to get new access tokens, which is represented by "refresh_count". Is there any upper limit to it?
```json
{
  "application_name": "5d2892g7-72e8-629c-aa75-53dc8854cd11",
  "scope": "DELETE READ WRITE",
  "refresh_token_issued_at": 1432191985596,
  "refresh_token_status": "approved",
  "expires_in": 7199,
  "client_id": "ysmvT5HwQrBOGqvijhc0G9Nl7l7K6L",
  "old_access_token_life_time": "1257891846",
  "access_token": "FWb1SZqkGvM16qhW18PQFjuqTeBV",
  "refresh_count": 16,
  "issued_at": 1432191985596,
  "grant_type": "authorization_code",
  "status": "approved",
  "api_product_list": "[sandbox_readwrite]",
  "developer.email": "developer@example.com",
  "token_type": "Bearer",
  "refresh_token": "aAs0LhZObGIX691jPbd4hPeBR0wOtXF",
  "refresh_token_expires_in": 0,
  "organization_name": "something"
}
```
Dear @Jayant Mukherjee ,
As far as I know there is no upper limit on this. But you can use this flow variable and define restrictions based on your needs.
Refresh Count value is available on variable oauthv2accesstoken.{policyName}.refresh_count and can be used further in different flows / policies in your api proxy for access restrictions.
Cheers,
Anil Sagar
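One way to act on that flow variable, as an added example that is not part of the original answer and not Apigee's own code: a JavaScript policy step that reads `oauthv2accesstoken.{policyName}.refresh_count` and sets a flag for later policies. It assumes the step runs after the OAuthV2 policy has populated the variable; the policy name, the limit and the `custom.*` variable names are hypothetical.

```javascript
// Added example for an Apigee JavaScript policy. Names marked "hypothetical"
// are assumptions made for illustration, not values from the thread.
var POLICY_NAME = 'OA-RefreshToken';            // hypothetical OAuthV2 policy name
var MAX_REFRESHES = 50;                         // hypothetical limit chosen by the API owner
var FLAG_VAR = 'custom.refresh_limit_exceeded'; // hypothetical flag read by later policies
var SEEN_VAR = 'custom.refresh_count_seen';     // hypothetical variable for logging/analytics

// Reads the refresh count set by the OAuthV2 policy and records whether it is
// over the limit. ctx is the JavaScript policy's context object.
function checkRefreshCount(ctx, policyName, maxRefreshes) {
  var name = 'oauthv2accesstoken.' + policyName + '.refresh_count';
  var count = parseInt(ctx.getVariable(name), 10);

  // Design choice in this example: fail closed. A missing, negative or
  // non-numeric count is treated as over the limit instead of being ignored.
  var known = !isNaN(count) && count >= 0;
  var exceeded = !known || count > maxRefreshes;

  ctx.setVariable(FLAG_VAR, exceeded);
  ctx.setVariable(SEEN_VAR, known ? count : -1);
  return { variable: name, count: known ? count : null, exceeded: exceeded };
}

// Inside Apigee the global `context` exists; elsewhere this call is skipped.
if (typeof context !== 'undefined') {
  checkRefreshCount(context, POLICY_NAME, MAX_REFRESHES);
}
```

A later step, for example a RaiseFault policy with a condition on the flag variable, can then reject the request or trigger whatever workflow the count is meant to drive.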
Thanks @asagar,
We don't want to restrict, but will then be using this feature for a different workflow, so just wanted to know if this refreshing can be done infinitely.
- Jayant
@Anil Sagar, can refresh_count be fetched from an expired access token? If not, then how to check the refresh_count prior to refreshing the access token?
@Jayant Mukherjee I am assuming you have systems in place to deal with access token/refresh token based security. I mean, why refresh a token when you can get a new one? There are tradeoffs here. Also have the ability to store/revoke refresh tokens in your system.
Take a look at this small brief on why the concept of the refresh token exists.
http://www.ietf.org/mail-archive/web/oauth/current/msg06687.html
Please ignore if you have already taken care of all this.