stackoom
  简体   繁体   中英

OAuth2: Is the `auth_time` claim tied to the refresh token expiration?

 原文  2020-08-05 18:55:35       authentication/ oauth/ oauth-2.0/ openid-connect/ refresh-token

Question

If I know that my auth provider sets refresh tokens to expire after twelve hours, and I have authenticated and my auth_time claim shows as 9AM today, can I safely assume that at 9PM tonight my refresh token will expire? Or are auth_time and refresh token issuance/expiration independent of one another?

1 answers

solution1
 2 ACCPTED  2020-08-05 19:07:11

It depends on the auth provider, but in some providers you can set difference expire times on the different tokens (id/access/refresh). Also some supports absolute or sliding expiration times.

Sample expire config options for IdentityServer can be found here for inspiration.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Auth0 Lock - Google oauth2 unable to get refresh_token Securing Oauth2 refresh_token How to refresh token without getting having to go through auth again? OAuth2 OAuth2 refresh_token grant How to generate expiration time for refresh token? How to make the refresh token life long valid and issue a new refresh token each time a new refresh_token grant_type comes in spring security oauth2 Flutter http authenticator service to refresh oauth2 token Oauth2 refresh_token doesn't exists unable to get Oauth2 token from auth server No AuthenticationProvider found on refresh token - Spring OAuth2 java config
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM