Hi,
In the SAML Machine User Documentation,
ref: https://docs.apigee.com/api-platform/system-administration/automating-tasks
it's mentioned we can use the refresh_token to generate a new access token. But could not find the validity time/TTL of the refresh_token.
From the token response, I could not find the access token TTL but not refresh token TTL.
Can you please provide the default expiration period of the refresh token?
If it's configurable at org level by admin, can you please provide the navigation flow to view/edit?
Much appreciated your help.
I don't think the expiry of the refresh token is documented.
The access token and refresh token are both JWT, and they include issued-at and expiry times in the claims. Therefore you can directly inspect the "iat" and "exp" claims for yourself to determine the lifetime of the refresh token.
In my case the token is good for 30 days.
```
$ jwthp "eyJhbGc....uHt2wnFUY9ZbQ"
{ "alg": "RS256" }
{
  "jti": "483a74d1-64c6-43ba-93e2-a6c883c47fe3-r",
  "sub": "eeeeed72-aaaa-bbbb-cc-777788889999b3",
  "scope": [ "scim.emails.read", "scim.me", "openid", "password.write", "approvals.me", "scim.ids.read", "oauth.approvals" ],
  "iat": 1559671469,
  "exp": 1562263469,
  "cid": "edgecli",
  "client_id": "edgecli",
  "iss": "https://login.apigee.com",
  "zid": "uaa",
  "grant_type": "password",
  "user_name": "dchiesa@google.com",
  "origin": "usergrid",
  "user_id": "eeeeed72-aaaa-bbbb-cc-777788889999b3",
  "al": 0,
  "aud": [ "edgecli", "scim.emails", "scim", "openid", "password", "approvals", "scim.ids", "oauth" ],
  "iatStr": "2019-06-04T18:04:29Z",
  "expStr": "2019-07-04T18:04:29Z"
}
```
BTW, that "jwthp" thing is an alias for bash that decodes (but does not verify) a JWT, obtained from here.
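The inspection described in the answer above, as an added example that is not part of the original post: it decodes a JWT without verifying it and derives the lifetime from the "iat" and "exp" claims. The sample token is constructed, reusing only the iat/exp values shown in the output above, and the function names are hypothetical.

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def decode_unverified(token: str):
    """Return (header, claims). The signature is NOT checked, so use this
    only to inspect a token you obtained yourself, never to authorize."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    return _b64url_json(parts[0]), _b64url_json(parts[1])


def lifetime(claims: dict) -> timedelta:
    """Total validity period of the token: exp minus iat."""
    try:
        return timedelta(seconds=claims["exp"] - claims["iat"])
    except KeyError as missing:
        raise ValueError(f"token has no {missing} claim") from None


def remaining(claims: dict, now=None) -> timedelta:
    """Time left before exp; negative once the token has expired."""
    now = now or datetime.now(timezone.utc)
    return datetime.fromtimestamp(claims["exp"], timezone.utc) - now


def _seg(obj: dict) -> str:
    """Encode a dict as an unpadded base64url segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: iat/exp copied from the output above; the
# signature segment is a placeholder (nothing here verifies it).
SAMPLE = ".".join([
    _seg({"alg": "RS256"}),
    _seg({"iat": 1559671469, "exp": 1562263469, "client_id": "edgecli"}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    header, claims = decode_unverified(SAMPLE)
    print(header["alg"], lifetime(claims), remaining(claims))
```

Running the same functions on a freshly issued access token and refresh token shows both lifetimes side by side, which is useful when scheduling re-authentication for a machine user.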