Layer7 API Management

 View Only
  • 1.  Oauth2 end user idle session timeout

    Posted Nov 24, 2021 09:56 AM
    Hello
    I have set the following variable ,oauth2_refresh_token_lifetime_sec, to log out idle users after 20 minutes.
    But the users are remaining connected after 20 minutes

    Is this the correct variable to logout idle sessions


  • 2.  RE: Oauth2 end user idle session timeout

    Broadcom Employee
    Posted Nov 24, 2021 10:02 AM
    The refresh token is to allow a new token to be issued as a replacement. That is not what covers the life of the actual token. You should look at oauth2_access_token_lifetime_sec

    ------------------------------
    Aran White - [JobTitle]
    [CompanyName]
    [State]
    ------------------------------



  • 3.  RE: Oauth2 end user idle session timeout

    Posted Nov 25, 2021 01:31 AM
    Hello
    I have set oauth2_access_token_lifetime_sec, but its still not ending the session for idle users

    Thanks