All Release Notes
Expiration times on access and refresh tokens can now be configured.
17 February 2022
Enhancement
SecurityGraphQL
The expiration time for access and refresh tokens can now be configured per API Client by using the new accessTokenValiditySeconds
and refreshTokenValiditySeconds
fields. If specified, each access and refresh token created by the API Client will expire within the specified number of seconds. If not specified, the tokens will expire as per the default configuration.
Changes:
- [API] Added
accessTokenValiditySeconds
field to API Client and APIClientDraft. - [API] Added
refreshTokenValiditySeconds
field to API Client and APIClientDraft. - [GraphQL API] Changed the
APIClientWithoutSecret
type:- Added the
refreshTokenValiditySeconds
field to theAPIClientWithoutSecret
type. - Added the
accessTokenValiditySeconds
field to theAPIClientWithoutSecret
type.
- Added the
- [GraphQL API] Changed the
APIClientWithSecret
type:- Added the
accessTokenValiditySeconds
field to theAPIClientWithSecret
type. - Added the
refreshTokenValiditySeconds
field to theAPIClientWithSecret
type.
- Added the
- [GraphQL API] Changed the
CreateApiClient
type:- Input field
refreshTokenValiditySeconds
was added toCreateApiClient
type - Input field
accessTokenValiditySeconds
was added toCreateApiClient
type
- Input field
The following changes were introduced in terms of GraphQL SDL:
extend type APIClientWithoutSecret {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}extend type APIClientWithSecret {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}extend input CreateApiClient {accessTokenValiditySeconds: IntrefreshTokenValiditySeconds: Int}