Changing Apigility's Auth Token Expiry

Just two lines of code can really extend the life of an OAuth 2 token.

By default, the OAuth 2 token that is generated in an Apigility app expires in one hour. Upon expiry, the client is expected to use the refresh token to get a new access token.

You can see this when you authenticate via a POST to /oauth, as you get this response back:

    {
        "access_token": "3812aaea7640a2567c66e21e2587450821103552",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "72d5df08c971526a4ba7c83ec2a7b92d82d9715b"
    }

If you need longer than 1 hour, then simply add this top-level configuration setting:

    'zf-oauth2' => [
        'access_lifetime' => 7200,
    ],

The access_lifetime key controls the expiry time and is in seconds, so in this case I've set it to 2 hours.
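On the client side, taking the lifetime from each response's expires_in rather than hard-coding one hour means a change to access_lifetime needs no client update. The sketch below is an added example, not code from the original article or from Apigility; the `post(path, form)` transport, the 30-second skew, sending `client_id` in the form body, and all token values are assumptions constructed for illustration.

```python
import time

class TokenCache:
    """Keeps the token pair from /oauth and refreshes it just before expiry."""

    def __init__(self, post, client_id, skew=30, clock=time.monotonic):
        self.post = post            # hypothetical transport: post(path, form) -> dict
        self.client_id = client_id  # assumed: public client identified in the body
        self.skew = skew            # refresh this many seconds early
        self.clock = clock
        self.access = self.refresh = None
        self.expires_at = 0.0

    def store(self, response):
        """Record a token response; expiry comes from the server's expires_in."""
        if response.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access = response["access_token"]
        # Keep the old refresh token if the server does not issue a new one.
        self.refresh = response.get("refresh_token") or self.refresh
        self.expires_at = self.clock() + int(response["expires_in"])

    def token(self):
        """Return a usable access token, refreshing first if it is nearly expired."""
        if self.access is None:
            raise RuntimeError("no token stored; authenticate first")
        if self.clock() >= self.expires_at - self.skew:
            self.store(self.post("/oauth", {
                "grant_type": "refresh_token",
                "refresh_token": self.refresh,
                "client_id": self.client_id,
            }))
        return self.access


def demo():
    """Constructed fake server and clock; returns (tokens seen, refresh requests)."""
    now, calls = [0.0], []
    def fake_post(path, form):
        calls.append((path, form))
        return {"access_token": "constructed-access-2", "expires_in": 7200,
                "token_type": "Bearer", "scope": None}
    cache = TokenCache(fake_post, "constructed-client", clock=lambda: now[0])
    cache.store({"access_token": "constructed-access-1", "expires_in": 3600,
                 "token_type": "Bearer", "refresh_token": "constructed-refresh-1"})
    seen = [cache.token()]
    for t in (3571.0, 10571.0):  # inside the skew window, then inside the new lifetime
        now[0] = t
        seen.append(cache.token())
    return seen, calls
```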

Published at DZone with permission of
