How Authlete determines token duration

Preface

Authlete determines duration of effective time of tokens (access tokens and refresh tokens) when issuing them. This article describes how Authlete versions calculate token duration (hereinafter duration). 

Authlete 1.x

Authlete uses a value of token duration configured for a service . The value is set as an initial value of duration.

Authlete 2.0

Authlete 2.0 supports token duration per scope . In addition to the calculation process in Authlete 1.x, Authlete performs the following calculation steps. 

• Check which scopes are requested by clients

• If token duration is set for any of the requested scopes (see this for more details), perform the following steps.

  • Get the minimum value out of all the token duration that are set for those scopes.
  • If the value obtained above is smaller than the current duration, Authlete sets the smaller value for the new duration.

Authlete 2.1 and later

Authlete 2.1 and later supports token duration per client . In addition to the calculation processes in Authlete 1.x and 2.0 above, Authlete performs another calculation step. 

• Check which client is the requestor
• If token duration is set for the requesting client (see this for more details), Authlete compares the value with the current duration and sets the smaller one for the new duration.

See also

• Token duration per scope
• Token duration per client