OAuth refresh token expiration

B Engelstock
Tera Expert

Hi,

I have an OAuth app registry entry with the below configuration. It was created 24-Oct-2019. I would expect the refresh token to expire after 100 days (Refresh Token Life span = 8.640.000) but when I look at the refresh token in oauth_credential table, it says expirery is 17-May-2024. That is more than 4 years after it was created. Can anyone explain how that can happen?
I am not a prof in this area - maybe there is a simple explanation, allthough it is almost impossible to find information about how expire dates are calculated and what to do when it expires.

OAuth app registration:

 

Accessible from = All application scopes
Access Token Lifespan = 1800
Active = TRUE
Authorization Code Lifespan = 60
Client ID = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Client Secret = **********
OAuth Application UUID = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Default Grant type = Resource Owner Password Credentials
ID Token Lifespan = 86400
Message Signature Lifespan = 60
Mobile Client = FALSE
Name = OmadaClient
Public Client = FALSE
Refresh Token Lifespan = 8640000
Enforce Token Restrictions = FALSE
Disable consent screen = FALSE
Class = Application Registries
Type = OAuth Client
Use mutual authentication = FALSE

 

Any feedback appreciated šŸ™‚

Regards, Bjarne Engelstock

2 REPLIES 2

AdrianL
Tera Contributor

we have the reverse issues : token expiration with a frequency of half a day, that is much earlier than 100 days

Hello AdrianL,

 

Do you get any solution for this issue? I am facing same issue