Configures the time in minutes that the access_token will remain active.
&GAMSecurityPolicy.OauthTokenExpire = Number_Minutes
Where:
&GAMSecurityPolicy
Is a variable based on the GAMSecurityPolicy data type.
Number_Minutes
Number in minutes that the access_token will remain active.
This property sets the number of minutes that the access_token remains active.
By default, it is set to 0, which means that the token never expires.
To connect to a secure application, the end user needs to know an authorized username and password. These credentials are used together with the client_id, which is downloaded to the device when the application is installed, to establish the first connection to the server application (see HowTo: Develop Secure REST Web Services in GeneXus for details).
When the user tries to connect to the application, a login is presented. The first time the user tries to connect, a POST is sent to the server with the username, password, and client_id. The HTTP response returns an access_token, which is used for the rest of the connection from then on.
This access_token is stored on the device and can either remain unchanged while the user is connected or be reset regularly, depending on the value of the OauthTokenExpire property of the GAMSecurityPolicy External Object.
The access_token is stored in the device cache, and while it is valid (the user does not log out) the end user will not be presented with the login again.
When the user logs out of the application, the local session is destroyed and the local cache of the device is destroyed.
Note: When using the GAM Backoffice, this property is shown with the description "Token expiration (minutes)".
The GAMExampleEntrySecurityPolicy Web Panel object is an example where this property is used.
To set this property in the GeneXus code (by using the GAM API), the syntax is as follows:
&GAMSecurityPolicy.OauthTokenExpire = &OauthTokenExpire
Notes:
1. The expiration criterion for Token expiration is different from that of the web session expiration timeout. The latter counts time of inactivity; the former counts elapsed time.
2. The Token expiration (minutes) property is not considered for auto-registered users.
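The difference described in note 1, together with the default value of 0, shown as an added Python model (not GAM or GeneXus code). The class and function names, the request times and the exact boundary comparison are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class AccessToken:
    """Token whose lifetime follows OauthTokenExpire: elapsed time since issue."""
    issued_at: float        # minutes on an arbitrary clock
    expire_minutes: int     # OauthTokenExpire value; 0 means never expires

    def is_valid(self, now: float) -> bool:
        if self.expire_minutes == 0:
            return True     # default setting: token never expires
        # Assumption: the token is invalid once the full interval has elapsed.
        return (now - self.issued_at) < self.expire_minutes


@dataclass
class WebSession:
    """Web session whose lifetime follows an inactivity timeout."""
    last_activity: float
    idle_timeout_minutes: int

    def touch(self, now: float) -> bool:
        """Register a request; False if the session had already timed out."""
        if (now - self.last_activity) >= self.idle_timeout_minutes:
            return False
        self.last_activity = now    # activity resets the inactivity clock
        return True


def simulate(request_times, token_expire, idle_timeout):
    """Return [(minute, token_valid, session_valid)] for each request."""
    token = AccessToken(issued_at=0, expire_minutes=token_expire)
    session = WebSession(last_activity=0, idle_timeout_minutes=idle_timeout)
    session_alive = True
    results = []
    for t in request_times:
        session_alive = session_alive and session.touch(t)
        results.append((t, token.is_valid(t), session_alive))
    return results


# Constructed input: a user who sends a request every 10 minutes for an hour.
ACTIVE_USER = [10, 20, 30, 40, 50, 60]

if __name__ == "__main__":
    for row in simulate(ACTIVE_USER, token_expire=30, idle_timeout=30):
        print(row)
```

With both values set to 30, the active user keeps the web session for the whole hour but loses the token at minute 30; with OauthTokenExpire left at 0, a token stored on a lost or shared device stays usable until the user logs out.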
OauthTokenMaximumRenovations property in GAMSecurityPolicy EO
Security Session Management in Applications using GAM