Official Content

Sets the time, in minutes, that a refresh_token will remain active.


&GAMSecurityPolicy.OAuthRefreshTokenExpire = Number_Minutes


 Is a variable based on the GAMSecurityPolicy data type.

  Number in minutes that a refresh_token will remain active.


The OAuthRefreshTokenExpire property allows setting the time, in minutes, that a refresh_token will remain active. 

It makes sense to configure this property if the OauthTokenMaximumRenovations property (available in the same EO) > 0.

The OAuthRefreshTokenExpire property default value is 43200 minutes (30 days). Its value can't be 0.

As long as a refresh_token is valid, it can be used to request a new OAuth Token.

When a client makes a request to an Identity Provider (IDP) to obtain a new access_token based on a refresh_token, the IDP validates if the refresh_token received is not expired.

Note: When using the GAM Backoffice, this property is shown with the description "OAuth refresh_token expiration (minutes)".


To set this property in the GeneXus code (by using the GAM API), the syntax is as follows:

&GAMSecurityPolicy.OAuthRefreshTokenExpire = 60 //minutes


This property is available since GeneXus 18 Upgrade 10.

See Also

GAM - Security Policies
GAM - OAuth 2.0 Endpoints to use GAM as Web IDP Server
HowTo: Use OAuth 2.0 Endpoints to authenticate with GAM as REST IDP Server
GAM - OAuth 2.0 Authentication Type

Last update: April 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant