Configure Token Lifetime Properties

Customize token lifetime properties in the #OTK Token Lifetime Configuration policy.   
otk40
Customize token lifetime properties in the #OTK Token Lifetime Configuration policy.   
hashOTKTokenLife.png
Temporary tokens have short lifetimes for security reasons. We recommend you do not extend the default value for temporary tokens.  
To configure token lifetimes:
  1. In the Policy Manager, navigate to OTK/PolicyFragments/configuration.
  2. Open the OTK Token Lifetime Configuration policy to view the token lifetime default settings.
    Click
    Show Comments
    to see helpful translations from seconds to minutes or hours.   
  3. Copy the assertions of any Set Context Variables you want to customize. 
  4. Open the #OTK Token Lifetime Configuration policy found in the OTK/Customizations folder.
  5. Paste the assertions and set new values for the Context Variables. 
  6. Save and Activate
    .
The following guidelines apply:
  • Set the access_token to expire before the refresh_token.
  • The consumer_key and client_id values can be set to 0 (never expire).
  • To effectively have a token that does not expire, set the value to the maximum value of 631138520 seconds (20 years).
OAuth 1.0 Variables
Description
oauth_v1_consumer_key_lifetime_m
Controls the lifetime of OAuth consumer keys.
Default: 0 minutes (never expire)
oauth_v1_access_token_lifetime_s
Controls the lifetime of access tokens.
Set to 0 to make the token invalid immediately.
Default: 86400 seconds = 1 day.
oauth_v1_request_token_lifetime_s
Controls the lifetime of request tokens.
Set to 0 to make the token invalid immediately.
Default: 300 seconds = 5 minutes.
OAuth 2.0 Variables
oauth2_auth_code_lifetime_sec
Controls the lifetime of issued OAuth codes.
Set to 0 to make the code invalid immediately.
Default: 300 seconds = 5 minutes
oauth2_access_token_lifetime_sec
Controls the lifetime of issued access tokens.
Set to 0 to make the token invalid immediately.
Default: 3600 seconds = 1 hour
oauth2_refresh_token_lifetime_sec
Controls the lifetime of issued refresh tokens.
Default: 604800 seconds = 1 week 
To effectively have a token that does not expire, set the value to the maximum value of 631138520 seconds (20 years).
oauth2_client_id_lifetime_m
Default: 0 minutes (never expire)
oauth2_client_id_lifetime_SDK_m
Default: 10080 minutes = 1 week
OpenID Connect Variables
id_token_lifetime_s
The lifetime of the OpenID session.
Default: 86400 seconds = 1 day