Skip to main content

I am getting both access_token and refresh_token for oauth call.

Is there any documented life span for both the tokens generated?

What is the longevity of access_token and refresh_token? Can this be configurable?

Is there some way I configure the oauth call not to generate refresh_token? I have seen in other oauth servers that we can only get access_token and avoid refresh_token being generated.

How can I do here?

Let's answer one by one.

Is there any documented life span for both the tokens generated?

What is the longevity of access_token and refresh_token?

Access token lifetime is 3600s = 1 hour

Refresh token lifetime is 7 days(1 week)

you can refer: https://forums.developers.ringcentral.com/articles/1426/generating-access-token-and-refresh-token-and-effi.html

Can this be configurable?

I don't think so

Is there some way I configure the oauth call not to generate refresh_token?

Yes, you can. Just use refresh_token_ttl=0 in the OAuth request along with your other parameters like grant_type, extension etc.

You will not display refresh_token as it will expire before it display in response and you can skip that in your API response.


Reply