wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License

Refresh token expire time #110

Closed pear9 closed 2 years ago

pear9 commented 2 years ago

Is there some minimum time that a refresh token should have? Because when I tested it for 12 seconds with oauth2_settings.DEFAULTS['REFRESH_TOKEN_EXPIRE_SECONDS'] = 12, it does not expire or it does not exist.

wagnerdelima commented 2 years ago

mm, the documentation does not say anything about a minimum value. What are you trying to do exactly? And why did you set 12 seconds?

Ref: https://django-oauth-toolkit.readthedocs.io/en/latest/settings.html?highlight=REFRESH_TOKEN_EXPIRE_SECONDS#refresh-token-expire-seconds

pear9 commented 2 years ago

12 secs was just for testing purposes.

In the documentation it is mentioned that: "NOTE: This value is completely ignored when validating refresh tokens. If you don't change the validator code and don't run cleartokens all refresh tokens will last until revoked or the end of time. You should change this."

So I think the management command cleartokens should be run at regular intervals if the expire time of the refresh token is less than 1 day. But it's still confusing.

wagnerdelima commented 2 years ago

Yes, it's a little confusing indeed. But in this case, your tokens are the access tokens. By the docs it has nothing to do with the refresh tokens themselves.

Update: My bad, you mentioned refresh tokens.
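The behaviour in the documentation note quoted above, as an added example that is not part of the thread or of either project's code: a simplified in-memory model in which validation ignores REFRESH_TOKEN_EXPIRE_SECONDS and only a cleanup run removes old tokens, next to a variant that checks age at validation time. `TokenStore`, its methods, the token name and the use of issue time as the age reference are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

REFRESH_TOKEN_EXPIRE_SECONDS = 12  # the value tested in the thread

@dataclass
class RefreshToken:
    created: float                   # seconds since start when issued
    revoked: Optional[float] = None  # set when the token is revoked

class TokenStore:
    """Hypothetical stand-in for the refresh-token table."""
    def __init__(self):
        self.rows = {}

    def issue(self, token, now):
        self.rows[token] = RefreshToken(created=now)

    def validate(self, token, now):
        # As the quoted note describes: the expiry setting is not consulted,
        # so `now` is unused. Only existence and revocation matter.
        row = self.rows.get(token)
        return row is not None and row.revoked is None

    def validate_with_expiry(self, token, now):
        # Validator that also enforces the TTL, so expiry no longer
        # depends on when the cleanup job last ran.
        if not self.validate(token, now):
            return False
        return now - self.rows[token].created < REFRESH_TOKEN_EXPIRE_SECONDS

    def clear_tokens(self, now):
        # Cleanup modelled on the role the note gives cleartokens:
        # delete rows older than the TTL and return how many were removed.
        stale = [t for t, r in self.rows.items()
                 if now - r.created >= REFRESH_TOKEN_EXPIRE_SECONDS]
        for t in stale:
            del self.rows[t]
        return len(stale)

def demo():
    store = TokenStore()
    store.issue("rt-constructed", now=0)  # constructed sample token
    results = {
        "default_at_60s": store.validate("rt-constructed", now=60),
        "hardened_at_60s": store.validate_with_expiry("rt-constructed", now=60),
        "removed_by_cleanup": store.clear_tokens(now=60),
    }
    results["default_after_cleanup"] = store.validate("rt-constructed", now=61)
    return results
```

In this model a 12-second setting has no effect until the cleanup runs, so the effective lifetime of a refresh token is bounded by the cleanup schedule rather than by the setting.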