In OAuth2 Token Expires, why Kong does not return Error message as Expired?


daniel...@gmail.com

Oct 25, 2017, 5:27:19 AM
to Kong
In OAuth2 Token Expires, why Kong does not return Error message as Expired?

{
    "error_description": "The access token is invalid or has expired",
    "error": "invalid_token"
}

As the token expires after 7200 (default expire time), why does Kong return the error message as invalid_token, not as Expired?

My Kong OAuth Settings are 

- Global Credentials,
- Enable Authorization code

are enabled. All other settings are disabled.

Can't I print the error message as "expired_token" when the token expires?

jju...@g.clemson.edu

Nov 2, 2017, 10:44:20 PM
to Kong
I think you have to consider the implications of implementing something like this... So you are saying in the node cache and datastore saving every OAUTH token hash that was ever valid at any one point to then throw a given expired_token error. I am also unsure about potential future collisions in the hash pattern later... Just does not make sense to implement it like this. Once a token is expired it is gone from node/datastore and that is the way it should be imo.
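An added example, not part of the thread and not Kong's code: RFC 6750 defines `invalid_token` as covering expired, revoked and malformed tokens alike, so a client that needs to tell expiry apart has to track `expires_in` itself and treat a rejection of a still-fresh token as a possible revocation. The class and function names and the sample token response are assumptions made for illustration; only the error body is taken from the question above.

```python
import json
import time

DEFAULT_EXPIRES_IN = 7200  # default lifetime quoted in the thread, in seconds


class TrackedToken:
    """Access token plus the expiry time the client computed at issuance."""

    def __init__(self, token_response, issued_at=None):
        self.access_token = token_response["access_token"]
        self.refresh_token = token_response.get("refresh_token")
        lifetime = int(token_response.get("expires_in", DEFAULT_EXPIRES_IN))
        issued = time.time() if issued_at is None else issued_at
        self.expires_at = issued + lifetime

    def is_expired(self, now=None, skew=30):
        # Count the token as expired slightly early to absorb clock skew.
        now = time.time() if now is None else now
        return now >= self.expires_at - skew


def classify_rejection(status, body, token, now=None):
    """Return "ok", "refresh", "reauthorize" or "other" for a gateway reply."""
    if status != 401:
        return "ok" if status < 400 else "other"
    try:
        error = json.loads(body).get("error")
    except (ValueError, TypeError, AttributeError):
        return "other"  # 401 without a parseable OAuth2 error body
    if error != "invalid_token":
        return "other"
    if token.is_expired(now) and token.refresh_token:
        return "refresh"  # aged out locally: use the refresh token
    # Rejected while still fresh (revoked?) or nothing to refresh with.
    return "reauthorize"


# Constructed sample data: the error body is the one quoted in the question,
# the token response values are made up for illustration.
KONG_ERROR = ('{"error_description": "The access token is invalid or has '
              'expired", "error": "invalid_token"}')
SAMPLE_RESPONSE = {"access_token": "example-access",
                   "refresh_token": "example-refresh", "expires_in": 7200}
```

Logging the "reauthorize" outcome separately from "refresh" gives a signal when tokens are being rejected before their lifetime is up.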