oauth-2.0 cloud sap-cloud-platform cloudfoundry-uaa

How do I change the expires_in value for an authentication token?


I tried following all the steps in the blog whose URL is mentioned below.

https://blogs.sap.com/2019/04/29/sap-cloud-platform-backend-service-tutorial-13-api-called-from-external-tool/

While I am getting the authentication token and the entire flow is running properly, I just cannot change the value of expires_in which is 43199 by default.

How do I change that to some other value, let's say 5 minutes (300 seconds)?


Solution

  • You can include this in the UAA configuration in the xs-security.json or manually update the UAA using cf update-service <uaa_instance_name> -c <json_file | inline-JSON object>:

    "oauth2-configuration": {
      "token-validity": 7200
    }

    For fullness, here's a sample UAA JSON:

    {
      "xsappname": "example_uaa",
      "tenant-mode": "dedicated",
      "description": "Security profile of called application",
      "scopes": [
        {
          "name": "uaa.user",
          "description": "UAA"
        }
      ],
      "oauth2-configuration": {
        "token-validity": 7200
      },
      "role-templates": [
        {
          "name": "Token_Exchange",
          "description": "UAA",
          "scope-references": [
            "uaa.user"
          ]
        }
      ]
    }
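
To confirm that an updated token-validity has actually taken effect, the following added example (not part of the original answer) compares the configured value with the expires_in field and the exp and iat claims of a token response. The sample response is constructed and unsigned; the function names, the slack allowed for expires_in, and the presence of iat and exp in the access token are assumptions.

```python
import base64
import json


def b64url(obj: dict) -> str:
    """Base64url-encode a dict as JSON without padding (used for the sample token)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def lifetime_mismatches(xs_security: dict, token_response: dict, slack: int = 5) -> list:
    """Return differences between the configured and the issued token lifetime."""
    configured = xs_security.get("oauth2-configuration", {}).get("token-validity")
    if configured is None:
        return ["token-validity is not set in oauth2-configuration"]
    problems = []
    expires_in = token_response["expires_in"]
    # Assumption: expires_in may be a few seconds below the configured value,
    # as the 43199 reported in the question suggests.
    if not configured - slack <= expires_in <= configured:
        problems.append(f"expires_in={expires_in}, configured={configured}")
    claims = jwt_claims(token_response["access_token"])
    lifetime = claims["exp"] - claims["iat"]
    if lifetime != configured:
        problems.append(f"exp-iat={lifetime}, configured={configured}")
    return problems


def sample_response(validity: int, issued_at: int = 1700000000) -> dict:
    """Build a constructed, unsigned token response so the check runs offline."""
    header = {"alg": "none", "typ": "JWT"}
    claims = {"iat": issued_at, "exp": issued_at + validity, "scope": ["uaa.user"]}
    token = f"{b64url(header)}.{b64url(claims)}.constructed"
    return {"access_token": token, "token_type": "bearer", "expires_in": validity - 1}


# Constructed configuration requesting the 5-minute lifetime from the question.
XS_SECURITY = {"xsappname": "example_uaa", "oauth2-configuration": {"token-validity": 300}}

if __name__ == "__main__":
    print(lifetime_mismatches(XS_SECURITY, sample_response(300)))    # instance updated
    print(lifetime_mismatches(XS_SECURITY, sample_response(43200)))  # instance not updated
```

Run the check against a token requested after the cf update-service call; a token issued before the update keeps the lifetime it was issued with.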