Token duration per client

Overview


This document explains access/refresh token duration per client. 


Introduction


Since Authlete 2.1, access/refresh token duration can be set per client.

How to calculate token duration


Configuration



Here are the steps to set access/refresh token duration per client.

1. Access the client developer console and log in as a service owner (that is, log in using the API key and secret of a service as login credentials).

2. Open the client edit page and click the "Extension" tab. Then set "Access Token Duration In seconds" and "Refresh Token Duration In seconds".
Set token duration per client at Client Developer Console


Example


In the following examples, we issue access tokens by simulating the implicit flow under several conditions. Note that we have a service and clients with the following configurations:

  • The access token duration for the service is 86,400 seconds.
  • The access token duration for the clients is as follows:
    • The access token duration for client1 is not set.
    • The access token duration for client2 is 3,000 seconds.

1. When a request is made by client1

{
  "type":"authorizationIssueResponse",
  "accessTokenDuration":86400,
  "responseContent":"http://localhost:4180/api/mock/redirection/8076662300#access_token=1zT0XRynwLryWYRKCYSDjrwku5sD-WQTCtC1tnfExZE&token_type=Bearer&expires_in=86400&scope=openid"
}

=>  The access token duration for the service is used.

2. When a request is made by client2

{
  "type":"authorizationIssueResponse",
  "accessTokenDuration":3000,
  "responseContent":"http://localhost:4180/api/mock/redirection/8076662300#access_token=xg79MJucCq8f8QPA2_o9_q5nfzgbRQycgVwYSvMSWTY&token_type=Bearer&expires_in=3000&scope=openid"
}

=>  The access token duration for client2 is used.
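
The two cases above can be turned into a check that an issued response honours the configured durations. This is an added example, not Authlete code: the helper names, the placeholder token and the fallback rule (client value when set, otherwise the service value) are assumptions inferred from the two responses shown on this page.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Values from this page's example; None means "not set" for the client.
SERVICE_DURATION = 86400
CLIENT_DURATION = {"client1": None, "client2": 3000}


def expected_duration(client):
    # Assumed rule, inferred from the page's two cases: a client-level
    # value wins when set, otherwise the service-level value applies.
    value = CLIENT_DURATION.get(client)
    return SERVICE_DURATION if value is None else value


def check_issue_response(client, raw_json):
    """Return a list of mismatches found in one authorizationIssueResponse."""
    resp = json.loads(raw_json)
    expected = expected_duration(client)
    problems = []
    if resp.get("accessTokenDuration") != expected:
        problems.append(f"accessTokenDuration={resp.get('accessTokenDuration')}, expected {expected}")
    # In the implicit flow the token parameters travel in the URL fragment.
    params = parse_qs(urlsplit(resp.get("responseContent", "")).fragment)
    expires_in = params.get("expires_in", [""])[0]
    if not expires_in.isdigit():
        problems.append("expires_in missing or not an integer")
    elif int(expires_in) != expected:
        problems.append(f"expires_in={expires_in}, expected {expected}")
    return problems


def sample_response(duration, expires_in):
    # Constructed sample in the shape shown on this page (placeholder token).
    return json.dumps({
        "type": "authorizationIssueResponse",
        "accessTokenDuration": duration,
        "responseContent": "http://localhost:4180/api/mock/redirection/8076662300"
                           f"#access_token=CONSTRUCTED_TOKEN&token_type=Bearer"
                           f"&expires_in={expires_in}&scope=openid",
    })


if __name__ == "__main__":
    print(check_issue_response("client1", sample_response(86400, 86400)))
    print(check_issue_response("client2", sample_response(3000, 3000)))
    # A client2 token issued with the service-level lifetime is flagged.
    print(check_issue_response("client2", sample_response(86400, 86400)))
```

A client2 response that carries the 86,400-second service value is reported twice, once for `accessTokenDuration` and once for `expires_in`, which is the signal that a shorter per-client lifetime is not being applied.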