This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saviynt API Access - Refresh Token Expiry [SSO Protected Saviynt Instance]

Sivagami
All-Star
All-Star

‎04/06/2023 03:17 PM

Hi Team,

I reviewed the forums post already - https://forums.saviynt.com/t5/identity-governance/api-access-for-sso-protected-saviynt/m-p/11846#M34... and understand that for OAuth 2.0 Refresh Token Authorization flow, I can login to the service account via UI and grab the refresh token and pass it to the API endpoint - {{url}}/ECM/oauth/access_token as per the documentation - https://documenter.getpostman.com/view/1797923/TVsvi7G2#74579b46-f6d9-4aff-add5-e60987093557 

My query is what is the expiry of this refresh token? 

-Siva

Labels:
0 Kudos
5 REPLIES 5

timchengappa
Saviynt Employee
Saviynt Employee

‎04/10/2023 03:01 PM

Hi @Sivagami 

Please refer to the below snip of documentation...

Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api

Ref: https://documenter.getpostman.com/view/1797923/Uz5KmEhE#intro

Sivagami
All-Star
All-Star
In response to timchengappa

‎04/12/2023 02:37 PM

Thanks @timchengappa for the reply. But, we are in v5.5 SP3.x and not in EIC. So, does the config you mentioned holds good for 5.5 as well ?

Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api

-Siva

0 Kudos

timchengappa
Saviynt Employee
Saviynt Employee
In response to Sivagami

‎04/12/2023 02:50 PM

Hi @Sivagami. Yes, it does.

0 Kudos

Sivagami
All-Star
All-Star

‎04/25/2023 09:55 AM

@timchengappa - Thanks for the response. I logged a freshdesk ticket - https://saviynt.freshdesk.com/support/tickets/1619108  and the support team confirmed that there is no config currently set in config.groovy and they can set it to something like below based on our requirement.

grails.plugin.springsecurity.rest.refreshtoken.new=true
grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration= 28800

 
If I understand correctly, if no configs are put in config.groovy file around refresh token, it never expires. 
 
If we put the suggested config, refresh token expires in 8 hrs (I believe this 28800 is in Seconds). How do I regenerate the refresh token programmatically when it expires?

-Siva

0 Kudos

timchengappa
Saviynt Employee
Saviynt Employee

‎04/25/2023 01:28 PM

Hello @Sivagami 

Please refer to the documentaiton below and let me know if you have any fourther questions.

https://documenter.getpostman.com/view/1797923/SzzgAepY#a33841b2-7550-44b9-ac08-2901197f536b

0 Kudos
Copyright © 2023 Khoros, LLC