User is still logged in once oauthv2 token is revoked

Is there any way to invalidate an oauthv2 token immediately? When I read the Apigee documents I found that: "OAuth tokens are cached for three minutes (180 seconds); therefore, a revoked token may still succeed for up to three minutes, until its cache limit expires." @dchiesa1 Please suggest.

1 ACCEPTED SOLUTION

Hi @madhavikris, thank you for bringing this question to the community, and a big thanks to @dchiesa1 for the response!

If the reply provided resolved your issue, it would be great if you could mark it as an accepted solution to help others with similar questions. 

We’re glad to have you here—feel free to explore or join other conversations in the community anytime. 😉


2 REPLIES

There's no way to tell Apigee, in OAuthV2/VerifyAccessToken, to completely disable the cache of the OAuth 2 token. But, you can specify the TTL of the cache, using a new(-ish) configuration element in the OAuthV2 policy. By reducing that cache TTL to as low as 1 second, you almost get the "disable the cache" behavior you imagined. And I guess that would be good enough.

The configuration looks like this: 

<OAuthV2 name='OAuthV2-Verify-Access-Token'>
  <Operation>VerifyAccessToken</Operation>
  <CacheExpiryInSeconds ref="propertyset.settings.token-ttl">40</CacheExpiryInSeconds>
</OAuthV2>

This works in X and hybrid.

You should take care when doing this with high-scale, high-throughput systems. Reducing the cache TTL can make the system perform more slowly. That may be a good tradeoff in some cases.
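The tradeoff described in the reply above, worked through as an added simulation (this is not Apigee code and not the responder's code; it is a constructed model of a verification cache). `CachedVerifier` stands in for VerifyAccessToken with a positive-result cache whose lifetime plays the role of CacheExpiryInSeconds, `TokenStore` stands in for the authoritative token store that a revoke call updates, and the token value is constructed. The two functions measure the two sides of the decision: how long a revoked token keeps being accepted (worst case, revocation right after a cache fill), and how many trips to the store a fixed request stream costs at a given TTL.

```python
"""Constructed model of a token-verification cache with a TTL (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional

TOKEN = "tok-constructed-example"  # constructed sample token, not a real credential


class TokenStore:
    """Stands in for the authoritative token store that revocation updates."""

    def __init__(self) -> None:
        self._valid: Dict[str, bool] = {}

    def issue(self, token: str) -> None:
        self._valid[token] = True

    def revoke(self, token: str) -> None:
        self._valid[token] = False

    def lookup(self, token: str) -> bool:
        return self._valid.get(token, False)


@dataclass
class CachedVerifier:
    """Models VerifyAccessToken with a positive-result cache of `ttl` seconds.

    `ttl` plays the role of CacheExpiryInSeconds; 180 is the documented default
    that the question quotes.
    """

    store: TokenStore
    ttl: float = 180.0
    _cache: Dict[str, float] = field(default_factory=dict)  # token -> cache expiry time
    lookups: int = 0  # trips to the authoritative store (the cost side of the tradeoff)

    def verify(self, token: str, now: float) -> bool:
        expiry: Optional[float] = self._cache.get(token)
        if expiry is not None and now < expiry:
            return True  # served from cache: revocation is not consulted at all
        self.lookups += 1
        ok = self.store.lookup(token)
        if ok:
            self._cache[token] = now + self.ttl
        else:
            self._cache.pop(token, None)
        return ok


def first_rejection_after_revoke(ttl: float) -> int:
    """Seconds after a cache fill at which a token revoked right after that fill
    is first rejected. Returns -1 if it is never rejected within ttl + 1 seconds."""
    store = TokenStore()
    store.issue(TOKEN)
    verifier = CachedVerifier(store, ttl=ttl)
    verifier.verify(TOKEN, now=0.0)  # cache filled at t = 0
    store.revoke(TOKEN)  # revoked immediately afterwards: the worst case for the window
    for t in range(1, int(ttl) + 2):
        if not verifier.verify(TOKEN, now=float(t)):
            return t
    return -1


def store_lookups(ttl: float, requests: int, interval: float) -> int:
    """Number of authoritative-store lookups for `requests` calls spaced `interval` s apart."""
    store = TokenStore()
    store.issue(TOKEN)
    verifier = CachedVerifier(store, ttl=ttl)
    for i in range(requests):
        verifier.verify(TOKEN, now=i * interval)
    return verifier.lookups


if __name__ == "__main__":
    for ttl in (180.0, 40.0, 1.0):
        print(
            f"ttl={ttl:>5}s  revoked token rejected after {first_rejection_after_revoke(ttl)}s,"
            f"  store lookups for 100 requests at 2/s: {store_lookups(ttl, 100, 0.5)}"
        )
```

The model makes the security point of the thread explicit: the revocation window is exactly the cache TTL measured from the last cache fill, so the 40 in the quoted policy bounds the window at 40 seconds and a TTL of 1 bounds it at 1 second. The same run shows the cost the reply warns about, since at 2 requests per second a 1-second TTL sends one request in two to the token store where a 180-second TTL sends one in a hundred.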
