Re: UAA: How to set client_credentials token grant type to not expire

Home Messages Hashtags Subgroups

#1026

Re: UAA: How to set client_credentials token grant type to not expire

Paul Bakare #1026 Filip, Here's my client config: useraccount scope: clients.read oauth.approvals openid password.write tokens.read tokens.write uaa.admin resource_ids: none authorized_grant_types: authorization_code client_credentials password refresh_token authorities: scim.read scim.userids uaa.admin uaa.resource clients.read scim.write cloud_controller.write scim.me clients.secret password.write clients.write openid cloud_controller.read oauth.approvals access_token_validity: 315360000 autoapprove: true Gotten from `uaac clients` I really do not know what else I might be doing wrongly. Does `test_Token_Expiry_Time()` also cover for client_credentials grant type? I tried running the test with `./gradlew test -Dtest.single=org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests` and placed debuggers in order to view the generated expiration time. Nothing was printed in the test results. toggle quoted message Show quoted text On Wed, Jul 29, 2015 at 6:11 PM, Filip Hanik <fhanik(a)pivotal.io> wrote: exp is expected to be 1753544877 when decoded. Unfortunately, this test fails, as exp reads 1438228276 most likely your client does not have the access token validity setup correctly. See the test case I posted that validates my statements https://github.com/cloudfoundry/uaa/commit/f0c8ba99cf37855fec54b74c07ce19613c51d7e9#diff-f7a9f1a69eec2ce4278914f342d8a160R883 On Wed, Jul 29, 2015 at 9:57 AM, Kayode Odeyemi <dreyemi(a)gmail.com> wrote: Good. But my apologies. Assume: creation time = 1438184877 access token validity (set by me) = 315360000 exp is expected to be 1753544877 when decoded. Unfortunately, this test fails, as exp reads 1438228276 On Wed, Jul 29, 2015 at 5:43 PM, Filip Hanik <fhanik(a)pivotal.io> wrote: If I set the access_token_validity to 315569260, I'm expecting the token when decoded to read exp: 315569260. If this is not, then is it possible to set the token expiry time? It's a little bit different. access_token_validity is how long the token is valid for from the time of creation. thus we can derive exp (expiration time) = token creation time + access token validity you don't get to set the expiration time, since that doesn't make sense as the clock keeps ticking forward. in your case, having access token validity be 10 years, achieves exactly what you want Filip On Wed, Jul 29, 2015 at 9:36 AM, Kayode Odeyemi <dreyemi(a)gmail.com> wrote: Thanks again Filip. However, here's what I mean, If I set the access_token_validity to 315569260, I'm expecting the token when decoded to read exp: 315569260. If this is not, then is it possible to set the token expiry time? line 906 sets the value to 1438209609 when the token is decoded and I believe that's what the check_token service also checks. expirationTime1000l occurs after the token has been decoded (whose exp value is set to 1438209609) Now the question is why do you have to do expirationTime1000l since the token when decoded originally set's this value to 1438209609 (without * 1000l) Except I'm completely getting this all wrong? _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev attachment.html attachment.html
More All Messages By This Member

View All 13 Messages In Topic

#1026

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms