Climate Solutions Community

JueBag · ‎24.12.2021

As noticed lately the RefreshToken doesn't live forever.

Such requirement is ( somewhat) understood, however is it really necessary to urge the users the redo the whole authentification process again?

MichaelHanna · ‎06.01.2022

Hi @JueBag ,

Thanks for the feedback. That the refresh token is expiring after 180 days is a mechanism to keep the API more secure.

I also understand the additional effort of users to create a new refresh token. We will evaluate the possibilities to extend the refresh token TTL or having a refresh token that does not expire.

In the meantime, do you already have an implementatoin that accounts for creating a new refresh token after 180 days?

Regards,

Michael

Lösung in ursprünglichem Beitrag anzeigen

MichaelHanna · ‎06.01.2022

Hi @JueBag ,

Thanks for the feedback. That the refresh token is expiring after 180 days is a mechanism to keep the API more secure.

I also understand the additional effort of users to create a new refresh token. We will evaluate the possibilities to extend the refresh token TTL or having a refresh token that does not expire.

In the meantime, do you already have an implementatoin that accounts for creating a new refresh token after 180 days?

Regards,

Michael

JueBag · ‎06.01.2022

Thanks for the feedback.

No, I don't have an own solution for the needed update of the RefreshToken yet.

AFAIK user @rogrun wi implement this in his openHAB binding (i.e. a complete and ready to use interface), once complete I will move over to this solution.

Climate Solutions Community

Lifetime of the RefreshToken and needed procedure to renew it

Weitersurfen