
Changing Apigility's Auth Token Expiry


Just two lines of code can really extend the life of an OAuth 2 token.


By default, the OAuth 2 token that is generated in an Apigility app expires in one hour. Upon expiry, the client is expected to use the refresh token to get a new access token.

You can see this when you authenticate via a POST to /oauth, as you get this response back:

{
    "access_token": "3812aaea7640a2567c66e21e2587450821103552",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "72d5df08c971526a4ba7c83ec2a7b92d82d9715b"
}

If you need longer than 1 hour, then simply add this top-level configuration setting:

    'zf-oauth2' => [
        'access_lifetime' => 7200,
    ],

The access_lifetime key controls the expiry time and is in seconds, so in this case I've set it to 2 hours.
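The refresh step mentioned at the start, sketched from the client side as an added example (not code from the original article or from Apigility): it records when the token from /oauth expires and exchanges the refresh token shortly before that. The `TokenSession` class, the `post` transport callable, the 30-second skew and the client id are assumptions made for illustration.

```python
import time
import urllib.parse

# Constructed sample: the /oauth response shown earlier on this page.
SAMPLE_RESPONSE = {
    "access_token": "3812aaea7640a2567c66e21e2587450821103552",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": None,
    "refresh_token": "72d5df08c971526a4ba7c83ec2a7b92d82d9715b",
}


class TokenSession:
    """Tracks an access token and refreshes it shortly before it expires."""

    def __init__(self, client_id, post, clock=time.time, skew=30):
        self.client_id = client_id  # hypothetical client id
        self.post = post            # callable(path, body) -> dict, performs the HTTP POST
        self.clock = clock          # injectable so expiry can be tested offline
        self.skew = skew            # refresh this many seconds early
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def store(self, response):
        if (response.get("token_type") or "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = response["access_token"]
        # Keep the old refresh token if the server does not issue a new one.
        self.refresh_token = response.get("refresh_token", self.refresh_token)
        self.expires_at = self.clock() + int(response["expires_in"])

    def expired(self):
        return self.clock() >= self.expires_at - self.skew

    def refresh_body(self):
        # Form-encoded refresh request as defined in RFC 6749 section 6.
        return urllib.parse.urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
        })

    def authorization_header(self):
        if self.expired():
            if not self.refresh_token:
                raise RuntimeError("no refresh token; re-authenticate")
            self.store(self.post("/oauth", self.refresh_body()))
        return {"Authorization": "Bearer " + self.access_token}
```

A confidential client would also send its client secret with the refresh request; that is left out here to keep the sketch short.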


Published at DZone with permission of Rob Allen, DZone MVB. See the original article here.
