When do refresh tokens expire?

anonymous · September 20, 2016, 11:51pm

The docs say that refresh tokens expire, by default, in a system-specified default.

What is that default value and where is it configured? I see these properties scattered around:

$ grep -ri refresh * 2>/dev/null | grep expi
ingest-server/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1
management-server/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1
message-processor/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1
postgres-server/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1
qpid-server/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1
router/keymanagement.properties:oauth_refresh_token_expiry_time_in_millis=-1

Is that the right property? Does that mean that they never expire? Which file would we need to update?

We’re using OPDK 4.15.07.00

anonymous · September 21, 2016, 6:03am

Hello @Eric Dahl,

Great Question..!

Yes, you are right. The value specified in parameter “oauth_refresh_token_expiry_time_in_millis” at config file “keymanagement.properties” defines the expiry time of the refresh token.

The value “-1” specifies the expiry time is infinite.

Hope this helps.!

anonymous · September 22, 2016, 7:43pm

Also, does Apigee eventually remove these expired refresh tokens from Cassandra?

Topic		Replies	Views
When are access tokens purged from Cassandra? Apigee api-runtime	2	17	October 27, 2016
How to I generate different expiry time for refresh token than the access token ? Apigee api-runtime	2	2	June 23, 2015
conf_keymanagement_oauth_access_token_expiry_time_in_millis usage? Apigee api-runtime	2	13	July 13, 2018

When do refresh tokens expire?

AI Suggested topics