Refresh Token for APEX Created REST Services Does Not Expire as Documented
Last updated on AUGUST 02, 2017
Applies to:Oracle REST Data Services - Version 2.0.10 and later
Information in this document applies to any platform.
The "security.oauth.tokenLifetime” parameter in defaults.xml has been changed to modify the expiration time.
When a token is requested it comes back with new expiration time but the refresh token self does not last for 24 times the access token.
The value is specified in seconds, and defaults to 3600 seconds (1 hour) for an access token.
The refresh token is fixed at 24 times the access token duration.
a. Access token is set to expire at 60 sec, and refresh token supposed to expire 24 times access token that is 24 minutes. but it didn't expire in after 24 minutes.
b. Access token set to expire in 7 days, so the refresh token should last for 24*7 = 158 days. but it expired before the time limit.
According to <Note 2101190.1> - How to Change the Default Token Expiration and Refresh Token Expiration For ORDS: the expiration for the refresh token is 24 the value of security.oauth.tokenLifetime - for APEX based REST services.
APEX based REST services are not honoring the refresh token expiration time.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms