This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Check if ExpiresIn and RefreshTokenExpiresIn are working

Posted on 01-21-2025 05:31 AM
mateoporcar
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hello there,

Recently we added to our Oauthv2 policy the options of ExpiresIn and RefreshTokenExpiresIn. 

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="OAuth-v20-Store-External-Token" async="false" continueOnError="false" enabled="true">
    <DisplayName>OAuth-v20-Store-External-Token</DisplayName>
    <Attributes/>
    <ExternalAccessToken>external_access_token</ExternalAccessToken>
    <ExternalRefreshToken>external_refresh_token</ExternalRefreshToken>
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <ReuseRefreshToken>true</ReuseRefreshToken>
    <ExpiresIn>1860000</ExpiresIn>
    <RefreshTokenExpiresIn>7260000</RefreshTokenExpiresIn>
    <StoreToken>true</StoreToken>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="false"/>
</OAuthV2>

How can we check if those tokens are purged from Cassandra?

Apigee versions: 4.52 / 4.53 (opdk installation)

The message-processor has the following values:

 

[xxxxx@xxxxxx conf]# grep -rnw '/opt/apigee/edge-message-processor/conf/' -e 'purge'
/opt/apigee/edge-message-processor/conf/keymanagement.properties:25:oauth.access.token.purge.after.seconds=259200
/opt/apigee/edge-message-processor/conf/keymanagement.properties:26:oauth.authorization.code.purge.after.seconds=259200
/opt/apigee/edge-message-processor/conf/keymanagement.properties:27:apikey.purge.after.seconds=-1

Thanks,

Mate.

 

Solved Solved
0 3 256
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
omidt
Staff
Reply posted on --/--/---- --:-- AM

Hi @mateoporcar

Cassandra's own garbage collection and compaction processes will delete tombstones. You could refer to monitoring/telemetry, logs and perhaps "nodetool compactionhistory" to see when and how often compaction runs.

Related: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#purgingaccesstokens

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
AlexET
Staff
Reply posted on --/--/---- --:-- AM

Hey @mateoporcar! Thank you for your question.

We’ll monitor this thread to ensure you receive a helpful response. In the meantime, we invite you to join our office hours tomorrow - Thursday, at 4 PM CET, for a more in-depth discussion. You can register for the session here: Apigee mad_in_api TechTalk & Office Hours🙂

Jump to Solution

Posted on --/--/---- --:-- AM
omidt
Staff
Reply posted on --/--/---- --:-- AM

Hi @mateoporcar

Cassandra's own garbage collection and compaction processes will delete tombstones. You could refer to monitoring/telemetry, logs and perhaps "nodetool compactionhistory" to see when and how often compaction runs.

Related: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#purgingaccesstokens

Jump to Solution

Posted on --/--/---- --:-- AM
mateoporcar
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Thank you @omidt ! 

Jump to Solution