Hi,
Please can you advise whether the OAuthV2 policy RefreshAccessToken can automatically decrement the newly generated refresh token's expires_in based on the time lag of the request?
First time, generate access token:
Access Token Expires in: 1000 ms (fixed, we are passing it)
Refresh Token Expires in: 10000 ms
The client comes with the refresh_token grant type, say after 2000 ms. Will it then automatically have the expiry times below?
Access Token Expires in: 1000 ms (fixed, we are passing it)
Refresh Token Expires in: 8000 ms (which is the previously issued one, 10000 ms - time lag 2000 ms = 8000 ms)
I like this question.
The OAuthV2 policy does not automatically perform that calculation.
But, you can do it in a straightforward manner by using a calculation in a JS Step.
The policy configuration might look like this:
<OAuthV2 name="RefreshAccessToken">
  <Operation>RefreshAccessToken</Operation>
  <GenerateResponse enabled="true"/>
  <ExpiresIn ref='calculated_expiry_of_access_token'/>
  <RefreshTokenExpiresIn ref='calculated_expiry_of_new_refresh_token'/>
  <Attributes>
    <Attribute name="original_issued_at" ref="original_issued_at" display="false"/>
  </Attributes>
</OAuthV2>
As you can see, the expiry times are set via the values of two context variables. And your JS step would need to run just prior to that step, and would need to set those two context variables according to your desired arithmetic.
To calculate the desired expiry, you will need to know when the original token was issued, and you can get that with a VerifyAccessToken or with a GetOAuthV2Info policy. Then you can set a custom attribute on the NEW (refreshed) token with the original issued_at time. You probably want that same custom attribute on the original token, to simplify handling.
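The arithmetic described in the answer above, as an added example that is not part of the original answer or Apigee's own code. It assumes an earlier step has placed the original token's issue time, in epoch milliseconds, in the `original_issued_at` context variable; the 1000 ms and 10000 ms lifetimes are the values from the question, and failing the request when no lifetime remains is this example's choice.

```javascript
// Added example. Lifetimes are the values from the question, in milliseconds.
var ACCESS_TOKEN_LIFETIME_MS = 1000;
var REFRESH_TOKEN_LIFETIME_MS = 10000;

// Treat missing or empty flow variables as invalid rather than as 0.
function toMs(value) {
  if (value === null || value === undefined || value === '') { return NaN; }
  return Number(value);
}

// Time left until the ORIGINAL refresh token's absolute expiry, or null when
// the input is unusable or the deadline has passed (caller must fail closed).
function remainingRefreshLifetimeMs(originalIssuedAtMs, nowMs) {
  if (!isFinite(originalIssuedAtMs) || !isFinite(nowMs)) { return null; }
  if (originalIssuedAtMs <= 0 || nowMs < originalIssuedAtMs) { return null; }
  var remaining = originalIssuedAtMs + REFRESH_TOKEN_LIFETIME_MS - nowMs;
  return remaining > 0 ? remaining : null;
}

// Sets the two variables the OAuthV2 policy reads. Returns false without
// setting anything when no positive lifetime can be computed.
function setExpiryVariables(ctx, nowMs) {
  var issuedAt = toMs(ctx.getVariable('original_issued_at'));
  var remaining = remainingRefreshLifetimeMs(issuedAt, nowMs);
  if (remaining === null) { return false; }
  ctx.setVariable('calculated_expiry_of_access_token', String(ACCESS_TOKEN_LIFETIME_MS));
  ctx.setVariable('calculated_expiry_of_new_refresh_token', String(remaining));
  return true;
}

// Inside an Apigee JavaScript step the global `context` exists; elsewhere skip.
if (typeof context !== 'undefined') {
  if (!setExpiryVariables(context, Date.now())) {
    // Throwing fails the step, so the OAuthV2 policy never runs with a bad value.
    throw new Error('refresh lifetime exhausted or original_issued_at invalid');
  }
}
```

Because `original_issued_at` is copied unchanged onto each refreshed token, every refresh counts down toward the same absolute deadline instead of restarting the 10000 ms window.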