Changing token duration

Overview

When you update the “token duration” settings on an Authlete service that has already been issuing tokens, Authlete will:

  • Retain the original duration settings for tokens issued before the change.
  • Apply the new duration settings to tokens issued after the update.

This article explains how the “token duration” settings affect access tokens and refresh tokens.

Access Tokens

The new duration settings are applied whenever an access token is issued or reissued in response to a token request. This holds for various grant types, including the refresh token grant.

Refresh Tokens

The duration change may affect refresh tokens, depending on the “Refresh Token Rotation” settings.

To configure the Refresh Tokens settings:

  1. Navigate to Service Settings > Tokens and Claims > Refresh Tokens

  2. Enable your desired Refresh Token Rotation options.

  3. Click Save Changes to apply the updates.

Enable Token Rotation

The Enable Token Rotation configuration item controls whether a refresh token stays valid after it is used, or whether the used refresh token is invalidated and a new one is issued.

  • If “Enable Token Rotation” is enabled

    • The new duration won’t take effect until the existing refresh token has expired and been reissued.
  • If “Enable Token Rotation” is disabled

    • The new duration applies to the new refresh token that is issued along with a new access token on a refresh token grant (using the old refresh token).

Enable Duration Takeover

  • If “Enable Duration Takeover” is enabled
    • The remaining duration of a used refresh token is transferred to the newly issued one. This setting has no effect when Enable Token Rotation is on.

See Also

Refreshing a refresh token when the grant type is “refresh_token”