
Spring OAUTH2 - Access token expiry time

Is it possible to update/reset the expiry time of an access token programmatically? If yes, which class/filter would be the best place to do it so that the expiry time can be updated in the JDBC token store?

Sri asked Oct 07 '15 14:10



1 Answer

To update the expiry time of an access token globally, you have to create an instance of DefaultTokenServices and inject it into the AuthorizationServerEndpointsConfigurer like this:

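// reuseAccessToken, accessTokenValiditySeconds and clientDetailsService are
// fields of the enclosing authorization server configuration class.
public AuthorizationServerTokenServices customTokenServices() {
  // Declare the concrete type: the setters below are defined on DefaultTokenServices.
  DefaultTokenServices tokenServices = new DefaultTokenServices();
  tokenServices.setReuseAccessToken(reuseAccessToken);
  tokenServices.setTokenStore(tokenStore());
  tokenServices.setSupportRefreshToken(true);
  // Global access token lifetime, in seconds.
  tokenServices.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
  tokenServices.setClientDetailsService(clientDetailsService);
  return tokenServices;
}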

And put this tokenServices in the AuthorizationServerEndpointsConfigurer like this:

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  // Register the custom token services with the authorization server endpoints.
  endpoints.tokenServices(customTokenServices());
}
Pratik Shah answered Oct 19 '22 17:10
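
For the question's other case, resetting the expiry of one already-issued token in the token store rather than changing the global lifetime, here is an added example that is not part of the answer above or of Spring itself. The class name `AccessTokenExpiryUpdater` and the `MAX_EXTENSION_SECONDS` cap are assumptions; the calls used are those of the Spring Security OAuth2 `TokenStore` interface.

```java
import java.util.Date;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;

// Hypothetical helper (not a Spring class): re-stamps the expiry of one stored token.
public class AccessTokenExpiryUpdater {

    // Assumed policy: never set an expiry further than this from "now", so a
    // leaked token cannot be kept alive with an arbitrarily long lifetime.
    private static final int MAX_EXTENSION_SECONDS = 3600;

    private final TokenStore tokenStore; // e.g. the JdbcTokenStore bean

    public AccessTokenExpiryUpdater(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    /** Returns the updated token, or null if the token is unknown or already expired. */
    public OAuth2AccessToken resetExpiry(String tokenValue, int validitySeconds) {
        if (validitySeconds <= 0 || validitySeconds > MAX_EXTENSION_SECONDS) {
            throw new IllegalArgumentException("validitySeconds out of range");
        }
        OAuth2AccessToken existing = tokenStore.readAccessToken(tokenValue);
        if (existing == null || existing.isExpired()) {
            return null; // do not revive unknown or expired tokens
        }
        OAuth2Authentication authentication = tokenStore.readAuthentication(existing);
        if (authentication == null) {
            return null; // no authentication stored for this token
        }
        // The copy keeps the value, scope, refresh token and additional information.
        DefaultOAuth2AccessToken updated = new DefaultOAuth2AccessToken(existing);
        updated.setExpiration(new Date(System.currentTimeMillis() + validitySeconds * 1000L));
        // JdbcTokenStore persists the token serialized, expiry included, so the
        // new expiry only takes effect once the token is stored again.
        tokenStore.storeAccessToken(updated, authentication);
        return updated;
    }
}
```

Extending a token on each request turns a fixed lifetime into a sliding one, so keep the cap small and leave expired tokens to the refresh-token flow.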