Skip to Content
Former Member
Mar 31, 2017 at 11:20 AM

oAuth2 - Token Expiry doesn't work as expected



We have a requirement to make all pages of our app. as oAuth2 secured. We have created OCC servcies and using oAuth2 authentication.

Consider the following case: A user is anonymous and the first page that the user hits is /home. Before the home page is hit, the native app. client will make the following call to get authorization token. The same authorization token will then be sent in the header of home page call.


The above call will return an authorization token which is as follows:

   "access_token": "2354a7e4-29b4-4fda-ba28-524a5294f0e5",
   "token_type": "bearer",
   "expires_in": 1704,
   "scope": "basic"

I set the client as follows: Client Id: andoid Grant Type: client_credentials token_type: bearer client_secret: secret scope: basic Expiry set to 10 seconds

However, if I keep hitting the above service the expiry time is not taken as 10 seconds but some other value.

So how will the token expiry be set for anonymous user?

Also post login we again hit the service to get a new token based on GRANT TYPE: PASSWORD which overrides the token generated for anonymous user. However as the CLIENT is same, will the expiry of token with GRANT TYPE: CLIENT_CREDENTIALS and GRANTY_TYPE: PASSWORD be same?