restify-oauth2 how to use tokenExpirationTime

279 views Asked by At

I am using the restify-oauth2 repo from here: https://github.com/domenic/restify-oauth2

In the readme it mentions tokenExpirationTime but never tells how to use it. Here is all it says about it:

  • tokenExpirationTime: the value returned for the expires_in component of the response from the token endpoint. Note that this is only the value reported; you are responsible for keeping track of token expiration yourself and calling back with false from authenticateToken when the token expires. Defaults to Infinity.

If someone could point me in the right direction or knows how to use this that would be much appreciated. Thanks in advance!

2

There are 2 answers

0
gmaniac On BEST ANSWER

So I figured out how to add tokenExpirationTime to the request. Here is what I did.

First added the variable to the environments in my config:

tokenExpirationTime: 3600, // production server tokens will expire in one hour

I made the tokens expire in one hour for production. For my development environment I am making the tokens never expire by adding this line.

tokenExpirationTime: undefined, // dev environment tokens will not expire

To use this config variable in the server.js file I add it to tokenExpirationTime to my ropc setup.

restifyOAuth2.ropc(server, { tokenEndpoint: "/login", hooks: hooks, tokenExpirationTime: config.tokenExpirationTime });

Now when you log in it uses the times I defined in my config file. I still need to figure out how to pull that expires_in and either refresh the time or send back not authenticated.

As for the scope of this question it is answered.

0
Anderson Pimentel On

I think you pass the tokenExpirationTime only for the response of request. eg:

{"access_token":"RHcXztdcDgLCXh6etEIWdzZjrZr8UL16MCTkWxhdO8U=","token_type":"Bearer","expires_in":3600}

Inside the restify-oauth2 I didn't see any way to get this data(tokenExpirationTime) in our available hooks, like authenticateToken or grantUserToken.

So that's it, you are responsable for ensure the expiration of the tokens, as mentioned on documentation of restify-oauth2.