This question is in reference to Atlassian Documentation: OAuth on Bitbucket Cloud
I am trying to see how long I could save the refresh token in the database before I have to request authentication from the user again.
Community moderators have prevented the ability to post new answers.
Access tokens sure do expire, as per the RFC.
The access token response contains the expires_in parameter that tells you how long the token will be valid for.
You don't have to re-request authorization from the end user though, as you get a refresh token that can be used to get a new access token.
So after the refresh token expires and I request for a new access token with the expired refresh token, what error should I be expecting? Also, do you know how long the refresh token lasts? In this case, the only way to get an access token is to ask the user to oauth again.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry, refresh tokens do not expire. I entirely misread your question. Access tokens expire as per the spec, refresh tokens do not expire.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are there any limits for an OAuth consumer for generating access tokens? Is there any cleanup that needs to be performed on the consumer side for tokens that expire then never used again?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No. Access tokens don't actually represent any state on our side. They are merely an encrypted data structure that includes their owner, related consumer, list of scopes and expiration timestamp.
No cleanup by a service provider is necessary.
End users can actively revoke their authorization though. This is implemented on our end by us deleting their refresh token from the database which effectively orphans any remaining access tokens.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.