I am going through the Oauth2.0 process and when I exchange my code for an access token, it responds with my token, my scope, expires_in, and type.
Expires_In is always returning as 3600, or an hour.
How do I extend this time?
Hi @Daniel_Goodfriend ,
I might not be the best person to answer this question, but I believe the same topic has already been discussed in the below thread in the Developers Community (even if related to Stride development, the answer still applies) in post #8:
In there I can read:
There is no way to extend the lifetime of an access token. You’ll have to request a new one every hour (or when you do a request and notice that the old one expired). Some libraries (like the stride-node-client 1) will take care of that for you.
If I had to make an educated guess, I’d say that’s a security feature. If one such token got into the wrong hands, an attacker could read message histories, read out user profiles, etc. With an API token, all they could do is send messages, so there’s no risk of privacy loss, so it’s okay for these to be long-lived.
Then, I have also found the below 2 threads:
Access tokens sure do expire, as per the RFC.
The access token response contains the expires_in parameter that tells you how long the token will be valid for.
You don't have to re-request authorization from the end user though, as you get a refresh token that can be used to get a new access token.
As said in the doc, 'refresh token that can then be used to generate a new access token'. So, the new token generated will expire in an hour too!
"Our access tokens expire in one hour."
So, in order to summarize:
Finally, please notice that this might not be the best place to get help on development related questions. In case further help will be needed on this topic, you might want to ask the developers community instead, or open a ticket in the developers service desk:
I hope this helps.
Cheers,
Dario
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.