Details
- New Feature
- Resolution: Completed
- Major
- COmanage Registry 4.4.0 (Sparkling Summit)
Description
Section 5.1 of RFC 6749 at https://www.rfc-editor.org/rfc/rfc6749#section-5.1 has

    expires_in
        RECOMMENDED. The lifetime in seconds of the access token. For
        example, the value "3600" denotes that the access token will
        expire in one hour from the time the response was generated.
        If omitted, the authorization server SHOULD provide the
        expiration time via other means or document the default value.

Since the Oauth2Server model already consumes and stores the full token response along with the modified timestamp, there should be a method/function for the model that inspects the full token response and, if it can find expires_in, uses it along with the modified timestamp to determine whether the access token is expired.
The method could also take an argument delta, with a default value of zero, and return true or false if the access token will be expired at the time now + delta.
The method could return true if the access token will be expired at time now + delta, false if it will not be expired, or null if it cannot be determined because the full token response did not include the recommended expires_in field.
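
One way to implement the check described above, as an added example that is not COmanage Registry code. The function name, its parameters, and the use of a Unix timestamp for the stored modified time are assumptions; the modified time stands in for the time the response was generated.

```php
<?php
// Added example: hypothetical helper, not part of the Oauth2Server model.

/**
 * Tri-state expiry check for a stored RFC 6749 section 5.1 token response.
 *
 * @param string|null $tokenResponse Raw JSON token response as stored
 * @param int         $modified      Unix time the response was stored (assumed format)
 * @param int         $delta         Seconds to look ahead, default zero
 * @param int|null    $now           Current Unix time; injectable so callers can test
 * @return bool|null  true if expired at now + delta, false if not, null if unknown
 */
function accessTokenExpired(?string $tokenResponse, int $modified, int $delta = 0, ?int $now = null): ?bool
{
    if ($tokenResponse === null || $tokenResponse === '') {
        return null; // nothing stored
    }

    $response = json_decode($tokenResponse, true);
    if (!is_array($response) || !array_key_exists('expires_in', $response)) {
        return null; // malformed JSON, or the server omitted expires_in
    }

    $expiresIn = $response['expires_in'];
    // Some servers send the lifetime as a string; accept only whole, non-negative seconds.
    if (is_string($expiresIn) && ctype_digit($expiresIn)) {
        $expiresIn = (int)$expiresIn;
    }
    if (!is_int($expiresIn) || $expiresIn < 0) {
        return null; // unusable value: report unknown rather than guess
    }

    $now = $now ?? time();
    // The boundary counts as expired, so a token is never used in its final second.
    return ($now + $delta) >= ($modified + $expiresIn);
}

// Constructed sample data, not taken from a real server.
$modified = 1700000000;
$withExpiry = '{"access_token":"example-token","token_type":"Bearer","expires_in":3600}';
$withoutExpiry = '{"access_token":"example-token","token_type":"Bearer"}';

var_dump(accessTokenExpired($withExpiry, $modified, 0, $modified + 3500));   // inside lifetime
var_dump(accessTokenExpired($withExpiry, $modified, 300, $modified + 3500)); // look ahead 300 s
var_dump(accessTokenExpired($withoutExpiry, $modified, 0, $modified + 10));  // no expires_in
```

A caller should treat null as "unknown" and fall back to the server's documented default lifetime or to handling a rejected token, not as "still valid".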
Issue Links
- is related to
  - CO-2854 Oauth2Server obtainToken function assumes refresh token always returned (Closed)