Table of Contents

Token duration per client

Preface

This article describes instructions on how to configure access/refresh token duration per client. See “How Authlete determines token duration " for details on token duration.

This feature is available since Authlete 2.1.

Configuration

Only service owners can configure the following settings.

Here are steps to configure access/refresh token duration per client.

Go to the client developer console and log in as a service owner (i.e. using the pair of API key and secret of the service as login credentials).
Open the client edit page and click “Extension ” tab so that you can see token duration settings. Enter values for “Access Token Duration In seconds” and “Refresh Token Duration In seconds” fields.

スクリーンショット_2020-01-27_20 — Set token duration per cleint at Client Developer Console

Example

Assume there are a service and two clients registered with it. Values of access token duration are set to some of the entities as follows.

Entity	Access token duration (seconds)
Service	86,400
Client 1	(not set)
Client 2	3,000

Under this condition, Authlete’s /auth/authorization/issue API make the following responses to implicit grant flow authorization requests sent from each of the clients.

1. Response to an authorization request from Client 1

{
    "type": "authorizationIssueResponse",
    "accessTokenDuration": 86400,
    "responseContent": "https://client.example.org/cb/example.com
    #access_token=1zT0XRynwLryWYRKCYSDjrwku5sD-WQTCtC1tnfExZE
    &token_type=Bearer
    &expires_in=86400
    &scope=openid"
}

=> The access token duration for the Service is used.

2. Response to an authorization request from Client 2

{
   "type": "authorizationIssueResponse",
   "accessTokenDuration": 3000,
   "responseContent": "https://client.example.org/cb/example.com
   #access_token=xg79MJucCq8f8QPA2_o9_q5nfzgbRQycgVwYSvMSWTY
   &token_type=Bearer
   &expires_in=3000
   &scope=openid"
}

=> The access token duration for the Client 2 is used.