17 February 2022
Enhancement
SecurityGraphQL

The expiration time for access and refresh tokens can now be configured per API Client by using the new accessTokenValiditySeconds and refreshTokenValiditySeconds fields. If specified, each access and refresh token created by the API Client will expire within the specified number of seconds. If not specified, the tokens will expire as per the platform defaults.

Changes:

  • [API] Added accessTokenValiditySeconds field to API Client and APIClientDraft.
  • [API] Added refreshTokenValiditySeconds field to API Client and APIClientDraft.
  • [GraphQL API] Changed the APIClientWithoutSecret type:
    • Added the refreshTokenValiditySeconds field to the APIClientWithoutSecret type.
    • Added the accessTokenValiditySeconds field to the APIClientWithoutSecret type.
  • [GraphQL API] Changed the APIClientWithSecret type:
    • Added the accessTokenValiditySeconds field to the APIClientWithSecret type.
    • Added the refreshTokenValiditySeconds field to the APIClientWithSecret type.
  • [GraphQL API] Changed the CreateApiClient type:
    • Input field refreshTokenValiditySeconds was added to CreateApiClient type
    • Input field accessTokenValiditySeconds was added to CreateApiClient type

The following changes were introduced in terms of GraphQL SDL:

extend type APIClientWithoutSecret {
accessTokenValiditySeconds: Int
refreshTokenValiditySeconds: Int
}
extend type APIClientWithSecret {
accessTokenValiditySeconds: Int
refreshTokenValiditySeconds: Int
}
extend input CreateApiClient {
accessTokenValiditySeconds: Int
refreshTokenValiditySeconds: Int
}
Developer Center
HTTP APIGraphQL APIPlatform Release NotesCustom ApplicationsBETASDKs & Client LibrariesImport & ExportSUNRISE Starter FrontendsTutorialsFAQ
Merchant Center
DocumentationRelease Notes
Sign upLog inTech BlogIntegrationsStatusSupportUser Research Program
Copyright © 2022 commercetools
Privacy PolicyImprint