access token won't expire after max time

Hi guys,

I've set up an OAuth access authorization policy as such:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="GenerateAccessTokenClient">
    <!-- This policy generates an OAuth 2.0 access token using the client_credentials grant type -->
    <Operation>GenerateAccessToken</Operation>
    <!-- This is in milliseconds, so expire in an hour -->
    <ExpiresIn>3600000</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GrantType>request.queryparam.grant_type</GrantType>
    <GenerateResponse enabled="true"/>
</OAuthV2>

As you can see, it sets the token for 3600000 milliseconds (one hour) expiration, and accordingly, when I retrieve the token, it states a time-to-live of 3600 seconds.

{
    "refresh_token_expires_in": "0",
    "api_product_list": "[Booking-Product]",
    "api_product_list_json": [
        "Booking-Product"
    ],
    "organization_name": "...",
    "developer.email": "...",
    "token_type": "BearerToken",
    "issued_at": "1554732067048",
    "client_id": "...",
    "access_token": "...",
    "application_name": "662f6edc-6421-418c-bf23-9a68d47e9730",
    "scope": "",
    "expires_in": "3599",
    "refresh_count": "0",
    "status": "approved"
}

However, it's lasting for quite a while longer than that. I'm not sure for how long exactly, but definitely for at least a few hours. So my question is, what am I doing wrong here? Am I misunderstanding how the expiration time should work?

Thanks a lot.

Pedro


> it's lasting for quite a while longer than that. I'm not sure for how long exactly, but definitely for at least a few hours.

What leads you to this conclusion? Describe how you tested the scenario, in some detail. Can you test more thoroughly and give me a precise amount of time, beyond "definitely at least a few hours"?

I don't think you're misunderstanding things. After the "expires in" number of seconds elapses, the token is invalid. We have tested this thoroughly over the years. So if you are seeing an expiry that is not enforced, something unusual is going on, and we will need some diagnostic information to check it out.
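
One way to turn "at least a few hours" into a precise figure, as an added example that is not part of either post: compute the expected expiry from the `issued_at` (epoch milliseconds) and `expires_in` (seconds) fields of the token response above, then compare it with timestamped probe calls made with that token. The probe lists, the `skew_ms` tolerance and the reading of HTTP 401 as "token rejected" are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# The two timing fields copied from the token response in the question.
TOKEN_RESPONSE = '{"issued_at": "1554732067048", "expires_in": "3599"}'

def expected_expiry_ms(token_json):
    """issued_at is epoch milliseconds, expires_in is seconds; both arrive as strings."""
    tok = json.loads(token_json)
    return int(tok["issued_at"]) + int(tok["expires_in"]) * 1000

def analyse_probes(token_json, probes, skew_ms=5000):
    """probes: (epoch_ms, http_status) pairs for calls made with the token.

    Assumptions: the probed proxy verifies the token on every call, 200 means
    the token was accepted and 401 means it was rejected. skew_ms absorbs clock
    drift between the test client and the gateway.
    """
    expiry = expected_expiry_ms(token_json)
    late_ok = [t for t, status in probes if status == 200 and t > expiry + skew_ms]
    rejected = [t for t, status in probes if status == 401]
    return {
        "expiry_ms": expiry,
        "expiry_utc": datetime.fromtimestamp(expiry // 1000, tz=timezone.utc).isoformat(),
        "enforced": not late_ok,
        # How long past expiry the token was still observed to work.
        "max_overrun_s": (max(late_ok) - expiry) / 1000 if late_ok else 0.0,
        "first_rejection_ms": min(rejected) if rejected else None,
    }

_EXPIRY = expected_expiry_ms(TOKEN_RESPONSE)
HOUR_MS = 3600 * 1000

# Constructed probe logs (not measurements from the thread).
PROBES_ENFORCED = [(_EXPIRY - 60_000, 200), (_EXPIRY + 60_000, 401)]
PROBES_OVERRUN = [
    (_EXPIRY - 60_000, 200),
    (_EXPIRY + 2 * HOUR_MS, 200),   # still accepted two hours after expiry
    (_EXPIRY + 3 * HOUR_MS, 401),
]

if __name__ == "__main__":
    for name, probes in (("enforced", PROBES_ENFORCED), ("overrun", PROBES_OVERRUN)):
        print(name, analyse_probes(TOKEN_RESPONSE, probes))
```

A report in this form (expected expiry, last accepted call, first rejected call) is the kind of precise timing the reply asks for.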