How to calculate token duration

The logic of how to calculate access (refresh) token duration varies, depending on the Authlete version. Here are the specific calculation steps.

(Suppose that duration is the resulting token duration.)

1. Get the value of the token duration of the service and set duration to it as its initial value.

Since Authlete 2.0, the following steps are additionally performed
2. If token duration is set for any of the requested scopes (see this for more details), perform the following steps.
  2.1. Get the minimum value out of all the token durations that are set for those scopes.
  2.2. Set duration to the smaller of the value obtained in 2.1 and the current duration.

Since Authlete 2.1, the following step is additionally performed
3. If token duration is set for the requesting client (see this for more details),
set duration to the smaller of the token duration set for the client and the current duration.


How did we do with this article?