DocuSign API oAuth刷新令牌过期的时间 [英] How long the refresh token expires for the DocuSign API oAuth
问题描述
此链接中的文档,表示刷新令牌的寿命比访问令牌的寿命长,您可以使用它们来获得新的访问和刷新令牌。。
预先感谢。
[我为DocuSign工作。我咨询了DocuSign授权工程团队以准备此答案。]
刷新令牌的生存期取决于各种身份验证策略。
过期后,客户端使用授权代码授予流程以请求新令牌。
由于每当使用授权代码授予流程时都需要有人在场,因此此身份验证
其他身份验证技术应用于服务集成。
>已添加
DocuSign系统中并非所有刷新令牌都具有相同的生存期。有些将持续x倍的时间,而另一些则将持续y的时间。为什么有些会持续使用x,有些会持续使用y取决于各种身份验证策略:
- DocuSign平台策略
- 帐户(客户)策略
- 用户登录时执行的身份验证类型
- Etc
回复:其他公司仅使用 14天。 DocuSign身份验证使身份验证的人可以签署法律文件。因此,DocuSign令牌生存期的问题并不简单。
底线:测试您的应用程序,以确保其可以正常处理访问令牌和刷新令牌的到期。
添加于2018年8月
通过OAuth授权代码授予流程获得的访问令牌通常具有8小时的寿命。随附的刷新令牌通常具有30天的使用期限。
如果在身份验证流程中未请求扩展范围,则刷新令牌(如果使用)将返回一个新的
但是如果请求扩展了范围,则,使用刷新令牌时,返回的(新)刷新令牌通常会在此后的30天内有效。
如果请求扩展的范围,并且用户至少每30天登录一次,则原始的和新提供的刷新令牌将使用户永远不必重新进行身份验证自己。
the documentation from this link, said that Refresh tokens have a longer lifetime than access tokens, and you can use them to get new access and refresh tokens.. How long exactly before the refresh token expires in terms of seconds.
Thanks in advance.
[I work for DocuSign. I consulted with the DocuSign Authorization engineering team to prepare this answer.]
The lifetime for refresh tokens vary depending on a variety of authentication policies.
After it expires, the client uses the Authorization Code Grant flow to request new tokens.
Since the human needs to be present whenever the Authorization Code Grant flow is used, this authentication technique should only be used for integrations where the authenticated user is present ("User Applications").
Other authentication techniques should be used for "Service Integrations."
Added
Not all Refresh Tokens in the DocuSign system have the same lifetime. Some will last for x amount of time, others will last for y amount of time. Why some will last for x and others for y depends on various authentication policies:
- DocuSign platform policies
- Account (customer) policy
- The type of authentication that was performed when the user logged in
- Etc
Re: other companies just use "14 days." DocuSign authentication enables the authenticated person to sign legal documents. So the question of the DocuSign token lifetime is not simple.
Bottom line: test your app to ensure that it gracefully handles expiration of both access and refresh tokens.
Added Aug 2018
Access Tokens received via the OAuth Authorization Code Grant flow usually have an 8 hour life. The accompanying Refresh Token usually has a 30 day life.
If extended scope is not requested in the authentication flow, then the Refresh Token, when used will return a new Refresh Token that will have the same expiration date as the original.
But if extended scope is requested, then, when the Refresh Token is used, the returned (new) Refresh Token will normally be good for an additional 30 days from that time.
So if extended scope is requested, and the user logs in at least once every 30 days, then the original and newly provided Refresh Tokens will enable the user to never have to re-authenticate himself or herself.
这篇关于DocuSign API oAuth刷新令牌过期的时间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
