I am getting both access_token and refresh_token for oauth call.
Is there any documented life span for both the tokens generated?
What is the longevity of access_token and refresh_token? Can this be configurable?
Is there some way I configure the oauth call not to generate refresh_token? I have seen in other oauth servers that we can only get access_token and avoid refresh_token being generated.
How can I do here?
Let's answer one by one.
Is there any documented life span for both the tokens generated?
What is the longevity of access_token and refresh_token?
Access token lifetime is 3600s = 1 hour
Refresh token lifetime is 7 days(1 week)
you can refer: https://forums.developers.ringcentral.com/articles/1426/generating-access-token-and-refresh-token-and-effi.html
Can this be configurable?
I don't think so
Is there some way I configure the oauth call not to generate refresh_token?
Yes, you can. Just use refresh_token_ttl=0 in the OAuth request along with your other parameters like grant_type, extension etc.
You will not display refresh_token as it will expire before it display in response and you can skip that in your API response.
1 Person is following this question.
