Express Gateway OAutn2 client_credentials flow sends incorrect value in expires_in

Question

Express Gateway app created with no scopes

Requested access token via api /oauth2/token Request as follows:

curl --location 'http://localhost:9080/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=xxxxxxx-dad7-4af4-xxxx-230f296857f8' \
--data-urlencode 'client_secret=3b2e386b-d32b-xxxx-aaa1-58c1db5fd0c2'

Got Response:

{
    "access_token": "a7da0f217b1d4ce3a4479b6eddf9b11e|a233f118b9a646d6b90785e0b0d6d5c6",
    "expires_in": 3600,
    "token_type": "Bearer"
}

After 30 mins same request - got same response:

{
    "access_token": "a7da0f217b1d4ce3a4479b6eddf9b11e|a233f118b9a646d6b90785e0b0d6d5c6",
    "expires_in": 3600,
    "token_type": "Bearer"
}

But Token expires after 30 mins of second api call (It should be valid for 1 hour as per expires_in param)

Express Gateway Config:


# Core
db:
  redis:
    #emulate: true
    #namespace: EG
    host: localhost
    port: 6379
    namespace: EG

crypto:
  cipherKey: sensitiveKey
  algorithm: aes256
  saltRounds: 10

# OAuth2 Settings
session:
  secret: keyboard cat
  resave: false
  saveUninitialized: false
accessTokens:
  timeToExpiry: 3600000
refreshTokens:
  timeToExpiry: 3600000
authorizationCodes:
  timeToExpiry: 300000

Why 'expires_in' param contains wrong expiry time?

Express Gateway OAutn2 client_credentials flow sends incorrect value in expires_in

0 Answers0