Changing Apigility's Auth Token Expiry

Just two lines of code can really extend the life of an OAuth 2 token.

By default, the OAuth 2 token that is generated in an Apigility app expires in one hour. Upon expiry, the client is expected to use the refresh token to get a new access token.

You can see this when you authenticate via a POST to /oauth, as you get this response back:

{
    "access_token": "3812aaea7640a2567c66e21e2587450821103552",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "72d5df08c971526a4ba7c83ec2a7b92d82d9715b"
}

If you need longer than 1 hour, then simply add this top-level configuration setting:

'zf-oauth2' => [
    'access_lifetime' => 7200,
],

The access_lifetime key controls the expiry time and is in seconds, so in this case I've set it to 2 hours.
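The refresh step mentioned at the start, sketched from the client side: this is an added example, not code from the original article or from Apigility, showing how a client can turn expires_in into an absolute expiry and build the refresh request whatever access_lifetime is configured. The TokenState class, the 60-second margin and the client id passed in are assumptions; the sample response is the one shown above, and no request is actually sent.

```python
import json
import time
from urllib.parse import urlencode

# Constructed sample: the /oauth response body shown in the article.
SAMPLE_RESPONSE = """{
    "access_token": "3812aaea7640a2567c66e21e2587450821103552",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "72d5df08c971526a4ba7c83ec2a7b92d82d9715b"
}"""


class TokenState:
    """Tracks one access token and decides when it has to be refreshed."""

    def __init__(self, response_body, issued_at=None, margin=60):
        data = json.loads(response_body)
        if str(data.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        expires_in = int(data["expires_in"])
        if expires_in <= 0:
            raise ValueError("expires_in must be positive")
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token")
        issued_at = time.time() if issued_at is None else issued_at
        # Absolute expiry; expires_in is relative to when the token was issued.
        self.expires_at = issued_at + expires_in
        # Refresh slightly early to allow for clock skew and request latency.
        self.margin = margin

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - self.margin

    def authorization_header(self):
        return {"Authorization": "Bearer " + self.access_token}

    def refresh_request_body(self, client_id):
        """Form body for POST /oauth using the RFC 6749 refresh_token grant."""
        if not self.refresh_token:
            raise ValueError("no refresh token was issued")
        return urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": client_id,  # hypothetical client id
        })
```

A confidential client would also authenticate itself on the refresh request, for example with its client secret, which is left out here.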

Topics: oauth 2.0, apigility, tokens

Published at DZone with permission of Rob Allen, DZone MVB. See the original article here.
