We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Saviynt API Access - Refresh Token Expiry [SSO Protected Saviynt Instance]

Sivagami
Valued Contributor
Valued Contributor

Hi Team,

I reviewed the forums post already - https://forums.saviynt.com/t5/identity-governance/api-access-for-sso-protected-saviynt/m-p/11846#M34... and understand that for OAuth 2.0 Refresh Token Authorization flow, I can login to the service account via UI and grab the refresh token and pass it to the API endpoint - {{url}}/ECM/oauth/access_token as per the documentation - https://documenter.getpostman.com/view/1797923/TVsvi7G2#74579b46-f6d9-4aff-add5-e60987093557 

My query is what is the expiry of this refresh token? 

-Siva

5 REPLIES 5

timchengappa
Saviynt Employee
Saviynt Employee

Hi @Sivagami 

Please refer to the below snip of documentation...

Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api

Ref: https://documenter.getpostman.com/view/1797923/Uz5KmEhE#intro

Thanks @timchengappa for the reply. But, we are in v5.5 SP3.x and not in EIC. So, does the config you mentioned holds good for 5.5 as well ?

Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api

-Siva

Hi @Sivagami. Yes, it does.

Sivagami
Valued Contributor
Valued Contributor

@timchengappa - Thanks for the response. I logged a freshdesk ticket - https://saviynt.freshdesk.com/support/tickets/1619108  and the support team confirmed that there is no config currently set in config.groovy and they can set it to something like below based on our requirement.

grails.plugin.springsecurity.rest.refreshtoken.new=true
grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration= 28800

 
If I understand correctly, if no configs are put in config.groovy file around refresh token, it never expires. 
 
If we put the suggested config, refresh token expires in 8 hrs (I believe this 28800 is in Seconds). How do I regenerate the refresh token programmatically when it expires?

-Siva

timchengappa
Saviynt Employee
Saviynt Employee

Hello @Sivagami 

Please refer to the documentaiton below and let me know if you have any fourther questions.

https://documenter.getpostman.com/view/1797923/SzzgAepY#a33841b2-7550-44b9-ac08-2901197f536b