Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

what is the validity of refresh_token generated for Saviynt APIs

sampath18
Regular Contributor II
Regular Contributor II

‎05/15/2023 07:58 AM

Hi Team,

I would like to know what is the validity of refresh_token generated for saviynt APi for grant_type refresh_token. We wanted to use serviceaccount when sso is enabled as localauth is not working even after setting required flags.

Hence, we are trying with Service account which can be used to perform certain tasks using saviynt API.

But i have concern that when refresh_token is expired what is process to get new one so that process will not break. 

Thanks

Sampath

Labels:
0 Kudos
3 REPLIES 3

Sivagami
Valued Contributor
Valued Contributor

‎05/15/2023 11:41 AM

As long as the user identity used to generate refreshtoken via Admin -> Settings -> Webservice auth is active, the refreshtoken generated will never expire unless config.groovy file is updated with an internal config as described in https://forums.saviynt.com/t5/identity-governance/saviynt-api-access-refresh-token-expiry-sso-protec... to let the refresh token expire as well after certain time period.

 

sampath18
Regular Contributor II
Regular Contributor II

‎05/16/2023 02:51 AM

Hi Sivgami

I have generated token using the UI->Webservice Auth. However, i have refreshed it multiple time is postman using following API: {{savEnv}}/ECM/oauth/access_token but the refresh_token is same always. I understand that it is not going to expire  as long as user is active and properties in config.groovy are overridden.

However, everywhere we are being asked to verify properties in conifg.groovy file but it not visible for admins . Do we need to contact saviynt team to verify the mentioned configs in the following reference link: https://documenter.getpostman.com/view/1797923/Uz5KmEhE#4c74057e-5267-420a-95af-ba0c45a90b40

Note: If grails.plugin.springsecurity.rest.refreshtoken.storage.jwt.expiration is set to some value in Config.groovy, refresh token will expire based on this config in api/login api. This will generate a new refresh token if another config - grails.plugin.springsecurity.rest.refreshtoken.new is set to true in Config.groovy. For blank or null, it will return the same Refresh token as passed in oauth/access_token api

Thanks
Sampath

 

0 Kudos

Sivagami
Valued Contributor
Valued Contributor
In response to sampath18

‎05/16/2023 01:07 PM

Yup! config.groovy is not accessible from UI. Create a freshdesk ticket for the team to update the configs in backend to let refresh token expire after certain timeframe.

-Siva

0 Kudos
Copyright © 2024 Khoros, LLC