cool-ghost-42678
04/20/2022, 8:10 AMoauth2/introspect
endpoint and my configuration.
I have to add that the duration of tokens in the configuration file are only for testing and that we have the same behaviour with longer duration.
hydra version: 1.10.2
First instrospect:
{
"active": true,
"scope": "openid offline_access",
"client_id": "4c7b757c-7c7e-41fc-a74c-744c61002e8d",
"sub": "a4375067-3bba-4a71-b7ba-1360488ca91b",
"exp": 1650441205, // 09:53:25
"iat": 1650440724, // 09:45:24
"nbf": 1650440724,
"aud": [],
"iss": "https://<myawesomehydraurl>/« ,
"token_type": "Bearer",
"token_use": "refresh_token"
}
Second introspect:
{
"active": true,
"scope": "openid offline_access",
"client_id": "4c7b757c-7c7e-41fc-a74c-744c61002e8d",
"sub": "a4375067-3bba-4a71-b7ba-1360488ca91b",
"exp": 1650441508, // 09:58:28
"iat": 1650441027, // 09:50:27
"nbf": 1650441027,
"aud": [],
"iss": "https://<myawesomehydraurl>/",
"token_type": "Bearer",
"token_use": "refresh_token"
}
Here you can see that the refresh token should expire at 095325 but when our ID token expires and we refresh it, the second refresh token issued expires at 095828. And this go indefinitly.
Hope that you can help me on this 🙂happy-morning-85531
04/20/2022, 8:14 AMcool-ghost-42678
04/20/2022, 8:32 AMhappy-morning-85531
04/20/2022, 8:38 AMcool-ghost-42678
04/20/2022, 9:04 AMhappy-morning-85531
04/20/2022, 9:26 AMmagnificent-energy-493
happy-morning-85531
04/20/2022, 9:33 AMcool-ghost-42678
04/20/2022, 1:00 PMmagnificent-energy-493