TokenDatabase in VerifyAccessToken operation

chandradixit · 10-19-2020 12:06 PM

Hi ,

I am facing an issue in apigee where we have a azure AD generated access token validation shared flow. The flow starts with a veryfyAccessToken policy step to check if an incoming token is known to apigee. For the first time when a new token is generated we expect this verifyAccessToken policy step to fail and a new token is generated using the apigee to Azure AD connection, For the subsequent transactions with the same token token the verifyAccessToken operation passes successfully.

What we are noticing now that after some transactions on the existing token , apigee starts throwing error on the VerifyAccessToken policy step even though the token is not expired. What i want to know if there is a configuration in apigee which sets any internal expiry on the token or a number of times type counter. Which causes it to expire after a certain time and we see these errors.

Thanks

Chandra

Report Inappropriate Content

I guess you are storing the token in Apigee. By default, Apigee has token expiry time in the infra level configuration. I think that is getting applied.

chandradixit

Thanks Priyadharshi, do you know where i can find the value for the deafult setting. I checked around in Edge portal but couldn't find it, is there any management api to get the value .

Report Inappropriate Content

you will find the token related to this in the below path.

/opt/apigee/edge-message-processor/token

You cannot change directly. Need to change through properties files.

chandradixit

We are on the Cloud version , so no access to files 🙂

Report Inappropriate Content

ohk. Then you need to check with Apigee support.