Authentication / OAuth questions
OVERVIEW
Q) What is the Expires parameter that is returned in the API call based on? Is it the original expires-in value that was provided when the client ID was created?
A) The difference between the time the access token is generated and the configuration for the expiration time in Application registration at the time of token generation.
Q) What if the expires-in value is later changed for that client ID? Is the updated expiry period used instead? Does this mean the token could expire earlier than was thought?
A) The token expiration is determined when the token is generated, not by the currently set configuration. A new token expiration time only affects tokens generated after that time.
Q) Finally, expires in is a number that represents what? A number of seconds from the current date? If the number above, 2419200, is seconds from the current date, then that's 28 days. (There is a 1 month expiration period, which I assume could be 4 weeks = 28 days?)
A) Yes, this is in seconds.
Q) What happens if the access token expires before a new one is generated? Can the same method that was used to generate the initial access token be used again?
A) Yes, it can be. However, please note that the refresh token is independent of whether the access token has expired. If the token expiration was set to 5 hours and the client does not update its token using the refresh token within the 5-hour window, they can still use the refresh token to generate a new access token. The refresh token expires 365 days after generation.
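A client-side view of the lifetimes described in the answers above, as an added example that is not the vendor's code: it stores the `expires_in` returned with each token instead of a configured constant, and picks between using the access token, refreshing, and re-authenticating. The `TokenState` type, the function names, the 60-second skew margin and the assumption that a refresh does not reissue the refresh token are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

REFRESH_LIFETIME = timedelta(days=365)   # refresh token lifetime stated in the FAQ
SKEW = timedelta(seconds=60)             # assumed safety margin for clock drift


@dataclass
class TokenState:
    """What the client records when a token response arrives (hypothetical type)."""
    access_issued_at: datetime    # when this access token was generated
    expires_in: int               # seconds, copied from the token response
    refresh_issued_at: datetime   # when the refresh token was generated

    @property
    def access_expires_at(self) -> datetime:
        # Fixed at generation time; later configuration changes do not move it.
        return self.access_issued_at + timedelta(seconds=self.expires_in)

    @property
    def refresh_expires_at(self) -> datetime:
        return self.refresh_issued_at + REFRESH_LIFETIME


def next_action(state: TokenState, now: datetime) -> str:
    """Decide what the client should do before its next API call."""
    if now < state.access_expires_at - SKEW:
        return "use_access_token"
    if now < state.refresh_expires_at - SKEW:
        return "refresh"          # still possible after the access token expired
    return "reauthenticate"       # repeat the original token-generation method


def after_refresh(state: TokenState, new_expires_in: int, now: datetime) -> TokenState:
    """Record a refreshed access token using the expires_in from the new response.
    Assumption: the refresh token is not reissued, so its clock keeps running."""
    return TokenState(now, new_expires_in, state.refresh_issued_at)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample date
    state = TokenState(t0, 2419200, t0)              # 2419200 s = 28 days
    for days in (27, 29, 364, 366):
        print(days, next_action(state, t0 + timedelta(days=days)))
```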
Q) If the user account is locked out due to invalid password attempts, will the API calls for that user also stop working?
A) The current implementation does not stop a user's API calls when their account gets locked due to invalid password attempts. However, please note that we might change this behaviour going forward and also block the API calls for a user if their account is locked out. If the user account is inactive / archived, then the API calls made using that user account will stop working.
Last Updated: Nov 08, 2024