Re: question about token management using cf client using java


Ben Hale <bhale@...>
 

1. is there way to know about token expiration time using cf java client?
I'm using PasswordGrantTokenProvider
Configuring the `cf-java-client.token` logger to `DEBUG` will give you detailed information about the negotiated tokens.

```
cloudfoundry-client.request POST https://login.peach.springapps.io:443/oauth/token
cloudfoundry-client.response 200 https://login.peach.springapps.io:443/oauth/token (460 ms)
cloudfoundry-client.token Refresh Token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjo...
cloudfoundry-client.token Refresh Token Issued At: 2017-07-20T16:27:12 UTC
cloudfoundry-client.token Refresh Token Expires At: 2017-08-03T16:27:12 UTC
cloudfoundry-client.token Access Token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoi...
cloudfoundry-client.token Access Token Issued At: 2017-07-20T16:27:12 UTC
cloudfoundry-client.token Access Token Expires At: 2017-07-20T18:27:12 UTC
```


2. sometimes there is 401 error when i restart the nozzle program. is there way to prevent it? how can i do?
The 401 is an expected part of the HTTP authentication handshake. The first call without a token returns a 401 telling the caller that a token must be presented. At this point, the client goes off to negotiate a token and re-makes the same call with the proper token, which is then accepted. Eagerly sending credentials without first being prompted by a 401 is considered poor security practice.


3. suppose token expiration time is ten minutes. during receiving data using subscribe method
is token expiration time extended automatically? or should refresh token every ten minute?
Tokens are only used during the initiation of a connection. So if a connection lives for 1000 hours, the token is only needed at the beginning of the request, not the entire duration. If the connection drops and is restarted, the standard token negotiation handshake takes place. If the token has expired (as indicated by a 401), then the token is refreshed and the request is automatically retried.


-Ben Hale
Cloud Foundry Java Experience

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.