The documentation says that, by default, access tokens are purged from Cassandra after 180 days.
Note: By default, expired access tokens are purged from the Apigee Edge system automatically 180 days after expiration. See also Purging access tokens.
But, refresh tokens by default never expire and the refresh and access token is stored in the same Cassandra record.
Does that mean that the 180 day purge applies only to the access token’s expiration (and thus the infinite refresh token is deleted?). Or, does the purge also account for the refresh_token_expires_at, meaning that it never would purge tokens in the default setting?
I don’t see any details on this in the Operations Guide.
We’re using OPDK 4.15.07.00
1 Like
Hi @Eric Dahl
As mentioned in the docs, if the access token and refresh token are not set with the values and respectively, by default, then it will never be purged.
You can update purge settings as follows - (available in the docs)
- Apply settings to the and properties in the OAuthV2 policy. Values are in milliseconds. If the access token never expires, then it will never be purged. For example:
- Redeploy the proxy.
- Use this API to update the token purge properties for your organization:
Payload:
Desc
true <Property name="keymanagement.oauth20.access.token.purge.after.seconds”>120
|
- Restart the message processor. For example:
| /opt/apigee/apigee-service/bin/apigee-servie edge-message-processor restart |
This API sets the token purge property to true for the organization called AutomationOrganization. In this case, the access token will be purged from the database 120 seconds after both the token and refresh token expire.
Note: Only tokens that are generated after this procedure is applied will be purged. Tokens generated before this procedure is applied will not be purged.
You can read more about it here - http://docs.apigee.com/api-services/content/oauthv2-policy#purge
2 Likes