what is maximum expiry limit for access token and refresh token of oauth 2.0

Go to solution
supriya pratapa
Tera Guru

‎06-25-2024 01:12 AM

 
0 Helpfuls
  • 3,634 Views
1 ACCEPTED SOLUTION

Go to solution
Robbie
Kilo Patron
Kilo Patron

‎06-25-2024 01:23 AM - edited ‎06-25-2024 01:38 AM

Hi @supriya pratapa,

 

ServiceNow Token Expiration and Validity is as follows, however, please note whilst these values can be set manually and extended as you so wish (For example you can push out the value for 2 or 3 years plus), I would not recommend this and I would steer you towards best practice and your organizations security standards.

 

  • Access Token: By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider.
  • Refresh Token: By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider.

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Kudos.


Thanks, Robbie

View solution in original post

2 REPLIES 2

Go to solution
SN_Learn
Kilo Patron
Kilo Patron

‎06-25-2024 01:22 AM

Hi @supriya pratapa ,

 

  • Access Token: By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider.
  • Refresh Token: By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider.

Please have a look at the Doc: Manage OAuth tokens 

 

Please mark helpful and accept my solution if it is helps you any way.

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.
0 Helpfuls

Go to solution
Robbie
Kilo Patron
Kilo Patron

‎06-25-2024 01:23 AM - edited ‎06-25-2024 01:38 AM

Hi @supriya pratapa,

 

ServiceNow Token Expiration and Validity is as follows, however, please note whilst these values can be set manually and extended as you so wish (For example you can push out the value for 2 or 3 years plus), I would not recommend this and I would steer you towards best practice and your organizations security standards.

 

  • Access Token: By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider.
  • Refresh Token: By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider.

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Kudos.


Thanks, Robbie