Developing software in the Real World

Changing Apigility's auth token expiry

By default, the OAuth 2 token that is generated in an Apigility app expires in 1 hour. Upon expiry, the client is expected to use the refresh token to get a new access token.

You can see this when you authenticate via a POST to /oauth as you get this response back:

If you need longer than 1 hour, then simply add this top level configuration setting:

The access_lifetime key controls the expiry time and is in seconds, so in this case I’ve set it to 2 hours.

4 thoughts on “Changing Apigility's auth token expiry

  1. We have needed to make this change ourselves this very week. I have written a CLI php script to generate a client to be used in server to server comms and the client_credentials grant type. I wanted the token to 'never expire' so decided to set the expiration date well in the future. Is there a better way of doing this do you think?

    1. Let's write that more verbose, because it's not obvious from my previous comment:

Thoughts? Leave a reply

Your email address will not be published. Required fields are marked *