Token duration per client
Preface
This article describes instructions on how to configure access/refresh token duration per client. See "How Authlete determines token duration" for details on token duration.
Configuration
Here are steps to configure access/refresh token duration per client.
- Go to the client developer console and log in as a service owner (i.e. using the pair of API key and secret of the service as login credentials).
- Open the client edit page and click "Extension" tab so that you can see token duration settings. Enter values for "Access Token Duration In seconds" and "Refresh Token Duration In seconds" fields.
Example
Assume there are a service and two clients registered with it. Values of access token duration are set to some of the entities as follows.
Under this condition, Authlete's /auth/authorization/issue API make the following responses to implicit grant flow authorization requests sent from each of the clients.
Under this condition, Authlete's /auth/authorization/issue API make the following responses to implicit grant flow authorization requests sent from each of the clients.
1. Response to an authorization request from Client 1
{
"type":"authorizationIssueResponse",
"accessTokenDuration":86400,
"responseContent":"https://client.example.org/cb/example.com
#access_token=1zT0XRynwLryWYRKCYSDjrwku5sD-WQTCtC1tnfExZE
&token_type=Bearer
&expires_in=86400
&scope=openid"
}=> The access token duration for the Service is used.
2. Response to an authorization request from Client 2
{
"type":"authorizationIssueResponse",
"accessTokenDuration":3000,
"responseContent":"https://client.example.org/cb/example.com
#access_token=xg79MJucCq8f8QPA2_o9_q5nfzgbRQycgVwYSvMSWTY
&token_type=Bearer
&expires_in=3000
&scope=openid"
}=> The access token duration for the Client 2 is used.
How did we do with this article?