trifork / klg-docs

Public documentation for Gateway

AccessToken reuse - fishing for advice. #21

Closed LindaLawton closed 2 years ago

LindaLawton commented 2 years ago

In my experience, access tokens are normally good for 3600 seconds or one hour. If we then take into account clock skew, I normally use them for 55 minutes and then refresh them.

The access tokens we are getting from sundhed.dk authorization server are only good for 500 seconds or 8 minutes give or take.

If we then take into account clock skew we can only use an access token for three minutes before refreshing it?

Or do you know something I don't?

Refresh tokens appear to be good for 30 minutes so this at least is a little better.

nigtrifork commented 2 years ago

Access token lifespan is 5 minutes.
Refresh token lifespan is 30 minutes.

When requesting new access tokens, you also receive a new refresh token with a lifespan of 30 minutes. This means a login session will be removed after 30 minutes of inactivity. You can keep a login session alive for 10 hours before needing to authenticate with the Kombit SAML token again.

LindaLawton commented 2 years ago

> You can keep a login session alive for 10 hours before needing to authenticate with the kombit saml token again

Kombit SAML token is only good for 8 hours, not 10 hours. I have that directly from Kombit STS and I can see it in the response.

Current UTC time is 10.52. Token expires at 18:52.

{
  "AppliesTo": {
    "EndpointReference": {
      "Address": "http://ehealth.sundhed.dk/service/CareGateway/1"
    }
  },
  "KeyType": "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey",
  "Lifetime": "03/01/2022 18:52:27",
  "RequestedSecurityToken": {
    "Assertion": "REDACTED"
  },
  "RequestType": "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue",
  "TokenType": "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
}

I personally think this is a non-issue, as if we haven't finished sending data for a kommune after eight hours there's something wrong. We just don't have that much data for each kommune at this time. I think I'm sending a full load of around 4000 records in about thirty minutes now.
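An added example, not part of the original thread and not code from the Gateway project: a client-side decision function for the token lifetimes quoted above (5-minute access token, 30-minute refresh token renewed on every refresh, 8-hour SAML token), with a simulation of a 30-minute upload. The 60-second skew margin, the function names and the `login` stand-in are assumptions made for illustration.

```python
from dataclasses import dataclass

ACCESS_TTL = 5 * 60       # access token lifespan stated in the thread
REFRESH_TTL = 30 * 60     # refresh token lifespan stated in the thread
SAML_TTL = 8 * 60 * 60    # Kombit SAML token lifetime reported in the thread
SKEW = 60                 # assumed safety margin in seconds (not from the thread)


@dataclass
class Session:
    access_exp: float
    refresh_exp: float
    saml_exp: float


def login(now, saml_exp=None):
    """Hypothetical stand-in for exchanging the SAML token for a token pair."""
    return Session(now + ACCESS_TTL, now + REFRESH_TTL,
                   now + SAML_TTL if saml_exp is None else saml_exp)


def refresh(s, now):
    """A refresh returns a new access token and a new 30-minute refresh token."""
    return Session(now + ACCESS_TTL, now + REFRESH_TTL, s.saml_exp)


def next_action(s, now, skew=SKEW):
    """Pick the cheapest credential that is still valid with the margin applied."""
    if now < s.access_exp - skew:
        return "use_access"
    if now < s.refresh_exp - skew:
        return "refresh"
    if now < s.saml_exp - skew:
        return "login_with_saml"   # refresh token lapsed, SAML token still valid
    return "new_saml_token"        # must go back to the STS


def simulate(duration, call_every, skew=SKEW):
    """Count token operations for an upload making one call every `call_every` s."""
    s = login(0)
    counts = {"use_access": 0, "refresh": 0, "login_with_saml": 0}
    for now in range(0, duration, call_every):
        action = next_action(s, now, skew)
        if action == "new_saml_token":
            break
        if action == "refresh":
            s = refresh(s, now)
        elif action == "login_with_saml":
            s = login(now, s.saml_exp)
        counts[action] += 1
    return counts
```

With these values, `simulate(30 * 60, 10)` performs 7 refreshes across 180 calls and never falls back to the SAML token. A margin equal to the access token lifetime leaves no usable window, so `next_action` asks for a refresh immediately.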