Jul 25th, 2012, 05:12 AM
changing token validity
How can I change the token validity (expiry)? I've tried this:
<oauth:client client-id="mobile_android" ... access-token-validity="60"/>
I was expecting the validity to change to 60 seconds. But now change when I get a new token... Is this a bug and was that recently fixed or is it my error?
Jul 25th, 2012, 06:22 AM
Are your tokens stored in memory? If so then that setting should take effect on restart of the server. If the tokens are in a persistent back end then of course you have to wait for them to expire.
Last edited by Dave Syer; Jul 25th, 2012 at 06:35 AM.
Jul 25th, 2012, 06:42 AM
so the <oauth:client> configuration did not have any effect for me. Instead, I now configured the DefaultTokenService and this seems to work:
<bean id="tokenServices" class="org.springframework.security.oauth2.provide r.token.DefaultTokenServices" >
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="refreshTokenValiditySeconds" value="2592000" /> <!-- 60*60*24*30 = 30d -->
<property name="accessTokenValiditySeconds" value="60" /> <!-- 60*60*12 = 12h 43200 -->
Is the <oauth:client> config option valid, should it work? If so, it does not for me. I just updated tot the latest code from github and ran mvn package to get the latest jar into my project.
Jul 25th, 2012, 07:46 AM
Yes it's valid. It only works if you actually supply a ClientDetailsService to the DefaultTokenServices (maybe you missed that).