Sets the time, in minutes, that a refresh_token will remain active.
&GAMSecurityPolicy.OAuthRefreshTokenExpire = Number_Minutes
Where:
&GAMSecurityPolicy
Is a variable based on the GAMSecurityPolicy data type.
Number_Minutes
Number in minutes that a refresh_token will remain active.
The OAuthRefreshTokenExpire property allows setting the time, in minutes, that a refresh_token will remain active.
It makes sense to configure this property if the OauthTokenMaximumRenovations property (available in the same EO) > 0.
The OAuthRefreshTokenExpire property default value is 43200 minutes (30 days). Its value can't be 0.
As long as a refresh_token is valid, it can be used to request a new OAuth Token.
When a client makes a request to an Identity Provider (IDP) to obtain a new access_token based on a refresh_token, the IDP validates if the refresh_token received is not expired.
Note: When using the GAM Backoffice, this property is shown with the description "OAuth refresh_token expiration (minutes)".
To set this property in the GeneXus code (by using the GAM API), the syntax is as follows:
&GAMSecurityPolicy.OAuthRefreshTokenExpire = 60 //minutes
This property is available since GeneXus 18 Upgrade 10.
GAM - Security Policies
GAM - OAuth 2.0 Endpoints to use GAM as Web IDP Server
HowTo: Use OAuth 2.0 Endpoints to authenticate with GAM as REST IDP Server
GAM - OAuth 2.0 Authentication Type