JWT access token: How can I change the expiration?

Avatar

Avatar

d1g1

Avatar

d1g1

d1g1

23-05-2019

Hello Everyone,

I want to create an access token that is valid for a long time (for server-to-server API requests). I created a service account integration in the I/O Console following the documentation. After I generated the JWT, how can I set up the expiration date of the access token I create out of it?

“The expiration parameter is a required parameter measuring the absolute time since 01/01/1970 GMT. You must ensure that the expiration time is later than the time of issue. After this time, the JWT is no longer valid. At maximum, the expiration period can be set up to 24 hours from time of issue. Note: This is an expiration time for the JWT token and not the access token. Access token expiration is set to 24 hours by default.“

Is there a parameter I can include in the POST request to https://ims-na1.adobelogin.com/ims/exchange/jwt in order to set up the expiration date of the access token?

Thank you!

View Entire Topic

Avatar

Avatar

settytb1

Employee

Avatar

settytb1

Employee

settytb1
Employee

23-09-2019

Hi Jacob,

If you look on that doc, the JWT should be very short lived.  See the Exp recommendation:

Required. The expiration parameter is a required parameter measuring the absolute time since 01/01/1970 GMT. You must ensure that the expiration time is later than the time of issue. After this time, the JWT is no longer valid. Recommendation: Have a very short lived token (a few minutes) - such that it expires soon after it has been exchanged for an IMS access token. Every time a new access token is required, one such JWT is signed and exchanged. This is secure approach. Longer lived tokens that are re-used to obtain access tokens as needed are not recommended.

Basically you need to make a new jwt then get a new access token.  That's really the workflow.  There's various libraries and sample code we have on how to generate a new jwt.

I hope that helps,

Seth