Question by MarlenePecotich · Apr 07, 2020 at 05:49 AM · 68 Views · Tags: refresh token, raisefault, scopes

Recommended way to introduce new scopes to existing clients

Hi,

We have a new proxy that is verifying the access tokens using new scopes.

We would like an existing developer app to include the new scopes so we have added the new scopes to the associated API product.

When new access tokens are generated, they contain the new scopes as expected.

However, our apps use the refresh token (after the initial access token expires) to generate the new access token. The apps continue to use the same refresh token to generate a new access token until the refresh token expires. This is because ReuseRefreshToken is set to true in the RefreshAccessToken policy. By using an existing refresh token (before the scope was updated in the API product), the new access tokens still have the old scopes.

What is the recommended way for the access tokens to get the new scopes? I had a couple of options that I was considering.

1) Change the ReuseRefreshToken to false to force the client apps to generate a new access token and refresh token. Hence, they will pick up the new scopes.

2) Let the refresh token expire. Then generate a new access token which will now contain the new scopes.

3) Any other ideas?

The main thing that I want to avoid is any performance issues to the system. I am more inclined to go with option 2 myself. Just wanted to know anyone else's thoughts?

Thanks!


1 Answer


Answer by Sujith Mathew · Apr 09, 2020 at 04:31 PM

I would suggest directly communicating this with your major clients, who are the real stakeholders, and getting their opinion. Finally, API clients are like our customers :)

If you ask me, use option 2, and I hope the refresh token expiry is not too long. But inform the client and get their concurrence for a seamless transition.
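
As an added illustration (not from the original posts and not Apigee's implementation), this toy Python authorization server follows RFC 6749 section 6, where a refresh reuses the scope stored with the original grant, to show why refreshed tokens keep the old scopes until a new grant is made as in option 2. The `AuthServer` class, its methods and the `read`/`write` scopes are hypothetical, and rotated refresh tokens keeping the original expiry is an assumption.

```python
import secrets


class AuthServer:
    """Toy authorization server (hypothetical model, not Apigee's code)."""

    def __init__(self, product_scopes, refresh_ttl, reuse_refresh_token=True):
        self.product_scopes = set(product_scopes)  # scopes on the API product
        self.refresh_ttl = refresh_ttl
        self.reuse = reuse_refresh_token
        self.refresh_tokens = {}  # refresh token -> (granted scopes, expiry)

    def _access_token(self, scopes):
        return {"access_token": secrets.token_hex(8), "scope": sorted(scopes)}

    def new_grant(self, now):
        """Full grant: scopes are read from the product as it is right now."""
        scopes = frozenset(self.product_scopes)
        rt = secrets.token_hex(8)
        self.refresh_tokens[rt] = (scopes, now + self.refresh_ttl)
        return {**self._access_token(scopes), "refresh_token": rt}

    def refresh(self, rt, now):
        """Refresh: scopes come from the stored grant, never from the product."""
        scopes, expiry = self.refresh_tokens.get(rt, (None, 0))
        if scopes is None or now >= expiry:
            self.refresh_tokens.pop(rt, None)
            raise PermissionError("invalid_grant")
        if not self.reuse:
            # Rotation: RFC 6749 section 6 requires the new refresh token to
            # carry the same scope. Keeping the old expiry is an assumption.
            del self.refresh_tokens[rt]
            rt = secrets.token_hex(8)
            self.refresh_tokens[rt] = (scopes, expiry)
        return {**self._access_token(scopes), "refresh_token": rt}


def demo(reuse):
    """Return (scopes after refresh, refresh token expired?, scopes after re-grant)."""
    srv = AuthServer({"read"}, refresh_ttl=100, reuse_refresh_token=reuse)
    first = srv.new_grant(now=0)
    srv.product_scopes.add("write")  # new scope added to the API product
    refreshed = srv.refresh(first["refresh_token"], now=10)
    try:
        srv.refresh(refreshed["refresh_token"], now=200)  # past refresh expiry
        expired = False
    except PermissionError:
        expired = True
    regranted = srv.new_grant(now=200)  # option 2: client obtains a fresh grant
    return refreshed["scope"], expired, regranted["scope"]
```

In this model, rotating the refresh token does not widen the scope either; whether Apigee's `ReuseRefreshToken` set to false behaves the same way is not established by this page.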
