Announcement Announcement Module
Collapse
No announcement yet.
changing token validity Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • changing token validity

    How can I change the token validity (expiry)? I've tried this:

    <oauth:client client-id="mobile_android" ... access-token-validity="60"/>

    I was expecting the validity to change to 60 seconds. But now change when I get a new token... Is this a bug and was that recently fixed or is it my error?

    Thx
    Sven

  • #2
    Are your tokens stored in memory? If so then that setting should take effect on restart of the server. If the tokens are in a persistent back end then of course you have to wait for them to expire.
    Last edited by Dave Syer; Jul 25th, 2012, 06:35 AM. Reason: spelling

    Comment


    • #3
      so the <oauth:client> configuration did not have any effect for me. Instead, I now configured the DefaultTokenService and this seems to work:

      <bean id="tokenServices" class="org.springframework.security.oauth2.provide r.token.DefaultTokenServices" >
      <property name="tokenStore" ref="tokenStore" />
      <property name="supportRefreshToken" value="true" />
      <property name="refreshTokenValiditySeconds" value="2592000" /> <!-- 60*60*24*30 = 30d -->
      <property name="accessTokenValiditySeconds" value="60" /> <!-- 60*60*12 = 12h 43200 -->

      </bean>

      Is the <oauth:client> config option valid, should it work? If so, it does not for me. I just updated tot the latest code from github and ran mvn package to get the latest jar into my project.

      Comment


      • #4
        Yes it's valid. It only works if you actually supply a ClientDetailsService to the DefaultTokenServices (maybe you missed that).

        Comment

        Working...
        X