All Release Notes
Expiration times on access and refresh tokens can now be configured.
17 February 2022
Composable Commerce
HTTP API
Enhancement
Security and privacyGraphQL
The expiration time for access and refresh tokens can now be configured per API Client by using the new accessTokenValiditySeconds and refreshTokenValiditySeconds fields. If specified, each access and refresh token created by the API Client will expire within the specified number of seconds. If not specified, the tokens will expire as per the default configuration.
Changes:
- [API] Added
accessTokenValiditySecondsfield to API Client and APIClientDraft. - [API] Added
refreshTokenValiditySecondsfield to API Client and APIClientDraft. - [GraphQL API] Changed the
APIClientWithoutSecrettype:- Added the
refreshTokenValiditySecondsfield to theAPIClientWithoutSecrettype. - Added the
accessTokenValiditySecondsfield to theAPIClientWithoutSecrettype.
- Added the
- [GraphQL API] Changed the
APIClientWithSecrettype:- Added the
accessTokenValiditySecondsfield to theAPIClientWithSecrettype. - Added the
refreshTokenValiditySecondsfield to theAPIClientWithSecrettype.
- Added the
- [GraphQL API] Changed the
CreateApiClienttype:- Input field
refreshTokenValiditySecondswas added toCreateApiClienttype - Input field
accessTokenValiditySecondswas added toCreateApiClienttype
- Input field
The following changes were introduced in terms of GraphQL SDL:
extend type APIClientWithoutSecret {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}extend type APIClientWithSecret {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}extend input CreateApiClient {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}