and more in a single search tool across platforms. Read the announcement here. |
05/15/2023 07:58 AM
Hi Team,
I would like to know what is the validity of refresh_token generated for saviynt APi for grant_type refresh_token. We wanted to use serviceaccount when sso is enabled as localauth is not working even after setting required flags.
Hence, we are trying with Service account which can be used to perform certain tasks using saviynt API.
But i have concern that when refresh_token is expired what is process to get new one so that process will not break.
Thanks
Sampath
05/15/2023 11:41 AM
As long as the user identity used to generate refreshtoken via Admin -> Settings -> Webservice auth is active, the refreshtoken generated will never expire unless config.groovy file is updated with an internal config as described in https://forums.saviynt.com/t5/identity-governance/saviynt-api-access-refresh-token-expiry-sso-protec... to let the refresh token expire as well after certain time period.
05/16/2023 02:51 AM
Hi Sivgami
I have generated token using the UI->Webservice Auth. However, i have refreshed it multiple time is postman using following API: {{savEnv}}/ECM/oauth/access_token but the refresh_token is same always. I understand that it is not going to expire as long as user is active and properties in config.groovy are overridden.
However, everywhere we are being asked to verify properties in conifg.groovy file but it not visible for admins . Do we need to contact saviynt team to verify the mentioned configs in the following reference link: https://documenter.getpostman.com/view/1797923/Uz5KmEhE#4c74057e-5267-420a-95af-ba0c45a90b40
Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api
Thanks
Sampath
05/16/2023 01:07 PM
Yup! config.groovy is not accessible from UI. Create a freshdesk ticket for the team to update the configs in backend to let refresh token expire after certain timeframe.
-Siva