Token Life

[kazmi]

What is the maximum token life?? 

[Desire2Learn Staff: Sarah-Beth]

If you're referring to user tokens, there is a config variable within the environment to control timeout of those tokens. Many institutions configure a 30-day timeout, whole others configure an indefinite lifespan for those tokens. Your approved support contact can contact D2L Support to verify and set that value. In addition to expiry by date, user tokens can become invalid for other reasons. This info came from a response on StackOverflow:

There are several conditions that will cause a user-authentication token rollover:

• TokenTimeout period, if set, has expired.

• User has changed their password, or someone else (admin) has changed their password.

• An admin has prompted the system to force a token expiry (by using the user management tool to select one or more users and "revoke application access" for that user -- this will invalidate the current user tokens forcing the users' third-party applications to re-validate and request new tokens).

• A database restore occurred to a checkpoint before the version of the data that contained a user's token timestamp entry

Note that any user tokens issued before setting the TokenTimeout period to infinity are still subject to the timeout period under which they were first issued. In other words, if you generated tokens for your utility account, and then set your TokenTimeout period to -1, your utility account's tokens will expire (after the expiry of the period under which they were created).