You can change the expiration time of refresh tokens, and in a scaled-out or Cloud-based setup, you must encrypt your refresh tokens and store them client-side.
Procedure
- Access a server on which an instance of the Discovery Service runs, and access its configuration location.
- Open the configuration file cd_ambient_conf.xml for viewing.
The file contains the following elements:
<TokenExpireTime TimeInSeconds="${accesstokenexpire:-300}" />
<RefreshTokenExpireTime TimeInSeconds="${refreshtokenexpire:-3600}" />
- Ensure that the two TimeInSeconds attributes in these elements are resolved as follows when you run your script:
  - Set the TimeInSeconds attribute of the TokenExpireTime element to the desired expiration time, in seconds, for access tokens.
  - Set the TimeInSeconds attribute of the RefreshTokenExpireTime element to the desired expiration time, in seconds, for refresh tokens.
- By default, the Discovery Service stores refresh tokens server-side in service memory. If you are running a Cloud-based setup, or if you are running multiple Discovery Service instances, you must store the refresh tokens, encrypted, client-side. To do so, in the file application.properties, set the value of the oauth.storage.type property to json.
- Repeat the steps above for every other server on which a Discovery Service instance runs.
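The following check is an added example, not part of the product or of the original procedure: it resolves the two TimeInSeconds placeholders and verifies the oauth.storage.type setting for one server's files. It assumes that placeholder values arrive as a name-to-string mapping (params), that the sample root element is a constructed wrapper, and that a refresh lifetime shorter than the access lifetime is worth flagging (a sanity check not stated in the procedure).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two elements from the procedure inside a made-up root.
SAMPLE_CONF = """<Configuration>
  <TokenExpireTime TimeInSeconds="${accesstokenexpire:-300}" />
  <RefreshTokenExpireTime TimeInSeconds="${refreshtokenexpire:-3600}" />
</Configuration>"""

PLACEHOLDER = re.compile(r"^\$\{([^:}]+)(?::-([^}]*))?\}$")

def resolve(raw, params):
    """Resolve '${name:-default}' against params; literal values pass through."""
    m = PLACEHOLDER.match(raw.strip())
    if not m:
        return raw.strip()
    return params.get(m.group(1), m.group(2))  # None if no value and no default

def token_lifetimes(conf_xml, params):
    """Return the resolved TimeInSeconds of both elements as integers."""
    root = ET.fromstring(conf_xml)
    out = {}
    for tag in ("TokenExpireTime", "RefreshTokenExpireTime"):
        el = next(root.iter(tag), None)
        if el is None:
            raise ValueError(f"{tag} element missing")
        value = resolve(el.get("TimeInSeconds", ""), params)
        if value is None or not value.isdigit() or int(value) == 0:
            raise ValueError(f"{tag}: not a positive integer: {value!r}")
        out[tag] = int(value)
    return out

def storage_type(properties_text):
    """Return the value of oauth.storage.type, or None if it is not set."""
    for line in properties_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "oauth.storage.type":
            return val.strip()
    return None

def audit(conf_xml, properties_text, params, scaled_out):
    """Return (lifetimes, findings) for one Discovery Service instance."""
    times = token_lifetimes(conf_xml, params)
    findings = []
    if times["RefreshTokenExpireTime"] < times["TokenExpireTime"]:
        findings.append("refresh token expires before access token")
    if scaled_out and storage_type(properties_text) != "json":
        findings.append("oauth.storage.type must be json for scaled-out or Cloud setups")
    return times, findings
```

Run audit once per server with that server's file contents, and compare the returned lifetimes across servers to confirm that every instance resolves to the same values.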