The following settings in 'access.config.yml' apply the configuration changes required for the API.
Note
If expiry is forced but expires_in was not provided in the request, the default expiry shall be set.
An admin can restrict whether user identity tokens are refreshable (i.e., disallow creating them as refreshable).
default-expiry
The default expiry period, in seconds. This is the token expiry used when the expiry is set to null.
When set to zero, default expiry is not forced.
Must be non-negative.
Must comply with ('max-expiry' >= 'default-expiry').
Default value: 1 year
max-expiry
The max possible expiry of non-admin tokens.
When the value is greater than zero, non-expirable tokens are forbidden and the user's token expiry is limited to the max expiry value.
When the value is zero, the user's token can be non-expirable and the token's expiry is not limited by an upper bound.
Must be non-negative.
Must comply with ('max-expiry' >= 'default-expiry').
Default value: 0
allow-refreshable
When disabled, all user tokens are created as non-refreshable.
Default: true
'access.config.yml' Example:
token:
  default-expiry: 31536000
  max-expiry: 0
  allow-refreshable: true
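An added example, not code from the product or its documentation: a small audit of the 'token' section that checks the rules listed above and reports settings a reviewer would want to see before rollout. The function names are hypothetical, and it assumes that max-expiry set to 0 means "no upper bound", so the ('max-expiry' >= 'default-expiry') rule is only enforced when max-expiry is greater than zero.

```python
# Constructed input, same values as the example on this page.
SAMPLE = """\
token:
  default-expiry: 31536000
  max-expiry: 0
  allow-refreshable: true
"""

# Defaults as documented above (1 year = 31536000 seconds).
DEFAULTS = {"default-expiry": 31536000, "max-expiry": 0, "allow-refreshable": True}

def parse_token_section(text):
    """Minimal reader for the flat 'token:' block (not a general YAML parser)."""
    cfg, in_token = dict(DEFAULTS), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):      # a new top-level key
            in_token = line.strip() == "token:"
            continue
        if in_token and ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if key == "allow-refreshable":
                cfg[key] = value.lower() == "true"
            elif key in DEFAULTS:
                cfg[key] = int(value)
    return cfg

def audit(cfg):
    """Return (errors, warnings): errors break the documented rules,
    warnings are reviewer notes about weaker settings."""
    errors, warnings = [], []
    default, maximum = cfg["default-expiry"], cfg["max-expiry"]
    for name, value in (("default-expiry", default), ("max-expiry", maximum)):
        if value < 0:
            errors.append(f"{name} must be non-negative")
    # Assumption: max-expiry 0 is unbounded, so only compare when it is set.
    if 0 < maximum < default:
        errors.append("max-expiry must be >= default-expiry")
    if maximum == 0:
        warnings.append("max-expiry is 0: non-expirable user tokens are permitted")
    if default == 0:
        warnings.append("default-expiry is 0: default expiry is not forced")
    if cfg["allow-refreshable"]:
        warnings.append("allow-refreshable is true: users may create refreshable tokens")
    return errors, warnings
```

Running `audit(parse_token_section(SAMPLE))` on the page's example returns no errors and two warnings, one for the unbounded max-expiry and one for refreshable tokens.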