Closed yankeeinlondon closed 10 years ago
Ok, I think I see now that the HttpBasic
classes constructor provides a mechanism to provide a grant-specific configuration. I think (untested) that that solve number 1 from above.
These are all very good questions.
createAccessToken
method to change the expiration per client_id. This is currently the recommended way.refresh_token_lifetime
to 0
will turn off expiration for refresh tokensSorry for the long delay, this slipped under my radar
I am considering having applications allowed to use the "client credentials" workflow (aka, internal apps) have no expiry. In looking at the code it looks like the expiry timeframe is set at the "server" level (on construction) rather than on a workflow basis. Anyway, my questions are:
Ken