non-expiring tgt


Daniel Kyuheon Shim

Oct 19, 2016, 1:38:47 AM
to CAS Community
Hi,

I'm following the CAS project's 4.2.x branch to use an access token and tgt.

In this branch, it seems refresh tokens are not supported.

So, for development purposes, I want to make a non-expiring access token.

However, the access token's expiration is tied to the tgt expiration policy.

The /oauth2.0/profile API checks whether the access token is expired using tgt.isExpire() (https://github.com/apereo/cas/blob/4.2.x/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20ProfileController.java)

I think if the tgt is not expired then the access token is not expired.

Could you please let me know how to make the tgt not expire?


Thanks,
Daniel

Misagh Moayyed

Oct 20, 2016, 4:08:57 AM
to CAS Community
You define an expiration policy, as it's documented, to let the TGT never expire, and by extension your AT would not then expire.

...which is a very very bad idea by the way. Switch to a version that gets you that functionality (separate ATs from TGTs) instead in a more reasonable way.