Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Karthikeyan Damodharan (KARTHIKD)
US Bank

US Bank
US
KARTHIKD Member since 2012 19 posts
US Bank
Posted: Jun 23, 2020
Last activity: Jun 29, 2020
Posted: 23 Jun 2020 13:11 EDT
Last activity: 29 Jun 2020 10:03 EDT
Closed

OAuth Access token getting expired

OAuth Access token of expiry within 0 secs is being passed to external systems connecting to services exposedin Pega system which is causing authentication error of 401with error message {"Invalid token or expired."} being passed to external connecting systems as response.

We would like to know how can we make the oAuth generate a new token every time regardless of the token life time config. (or) if the token life time reaches a threshold value oAuth has to generate a new token.

 

***Edited by Moderator Marissa to update Content Type from Discussion to Question***

To see attachments, please log in.
Pega Collections for Financial Services 7
Pega Cloud
Financial Services
System Architect

  • Tama Venkat
Posted: 4 years ago
Updated: 4 years ago
Posted: 26 Jun 2020 16:36 EDT
Updated: 26 Jun 2020 16:40 EDT
Paul Gentile (PaulGentile_GCS)
PEGA
Principal Engineer, Technical Support, 1:1 Customer Engagement
Pegasystems Inc.
US

I assume you are asking about the OAuth 2.0 security you have implemented to cover the Service_REST APIS you have exposed.

In that case, you have defined the token lifetime in the client registration. You then have provided a URL for client's to obtain tokens with that length of time.

Your clients then must properly obtain the token. For example, you can test from postman.

sample

If your clients are calling your services with an expired token, they might not be obtaining it correctly.

 

To see attachments, please log in.
Posted: 4 years ago
Posted: 29 Jun 2020 9:48 EDT
Karthikeyan Damodharan (KARTHIKD)
US Bank

US Bank
US

There is no issue getting the access token. My question is as below.

1) Client hitting the token url and Pega checks whether a oAuth token already exists and if it identified a valid token then it sends the token. We have a token life time set as 3600 secs. If the last token is still valid for 1 more sec, then pega still sends that token as valid one to client. By the time the client hits our service with that token the token might have expired( as it had only 1 sec when issued) and pega returns "Invalid Token". So the client has to hit the token url again and get a new token and hit our pega service.

We would like to understand, if there is any OOTB configuration to restrict from Pega not return a token which validitiy is less than 10 sec(configurable threshold). (or) generate a new token every time instead of reusing existing valid token?

To see attachments, please log in.
Posted: 4 years ago
Posted: 29 Jun 2020 10:03 EDT
Paul Gentile (PaulGentile_GCS)
PEGA
Principal Engineer, Technical Support, 1:1 Customer Engagement
Pegasystems Inc.
US

I do not know of any such functionality. I do know there is the refresh token feature that specifically addresses this use case. 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice