Oauth token exp value

Guillaume Dubé

unread,

Mar 7, 2019, 9:17:34 AM3/7/19

to ORCID API Users

Hi,

We're currently using the public api for authenticating users with an ORCID. We're doing it using Redhat SSO (Keycloak) and we've hit a problem with the exp of a token set to 20 years. Our deployment can't support an exp going after 2038 since it's bigger than what UNIX epoch time can support (int32). Is there a way to have a token with an exp that is smaller than that ? Do you know a workaround concerning this situation ? As far as I know, the Keycloak community knows this problem (large exp) but it is not a priority since a token with a 20 years expiration doesnt seems common on their side.

Thanks for your support,

Guillaume Dubé

Université Laval

Alainna Wrigley

unread,

Mar 7, 2019, 10:12:52 AM3/7/19

to Guillaume Dubé, ORCID API Users

Hello Guillaume,

Could you use the refresh token process to create a token with the same scopes and a shorter expiration time? See http://members.orcid.org/api/oauth/refresh-tokens

Best,

Alainna

--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To post to this group, send email to orcid-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/orcid-api-users.
For more options, visit https://groups.google.com/d/optout.

Guillaume Dubé

unread,

Mar 7, 2019, 11:52:19 AM3/7/19

to ORCID API Users

Hi Alainna,

I'm not sure this could work. Since I can't get the original token because RH SSO tell us that the token is invalid. I'm not sure refreshing the token could work. I've tried to push the expires_in value but it doesn't seems to works.