Refresh Token for integrations expires in 2 weeks, possible to refresh it automatically?

New Here ,
May 27, 2020 May 27, 2020

Copy link to clipboard

Copied

Quoting the documentation "The default expiry of access tokens is 24 hours. You can refresh an access token without prompting the user for permission again even if a user is not present. The refresh token, by default, expires in 2 weeks."

 

What if I want to continue using the integration without human intervention after 2 weeks? Is the end user obliged to reauthenticate every 2 weeks? That would be kind of not the best user experience in my opinion.

 

Thank you in advance!

TOPICS
Stock API, Troubleshooting

Views

131

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 13, 2020 Aug 13, 2020

Copy link to clipboard

Copied

LATEST

Hi!

 

Sorry, this question was just brought to my attention. For faster service on questions about the API, please do not rely on the community forum--instead, email us at stockapis@adobe.com. I rarely visit the forums because they are usually not API-related.

 

To your question, the reason we limit the expiration is because Stock access tokens can be used to purchase goods and are typically tied directly to your account or credit card. If your application credentials or any of your tokens were leaked, your customers could be the victims of fraud and you as the developer would be partly responsibile. So I doubt you want to take that risk, or your users unless this was an internal application.

 

Instead, what we can permit is for you to request a new refresh token each two weeks, rather than the same one. Currently, you receive the same refresh token with a hard-coded expiration of two weeks from the first time you request it. We can change this so that we return a new refresh token with a new expiration, so that you could keep the user perpetually signed in as long as they actively use the application. If they stop using it, then they would get signed out.

 

If you want to look into this possibility, please email us at stockapis@adobe.com and tell us your business use case. Again, keep in mind this adds additional risk to you and your users. We typically only allow this for internal applications where the developer and users are part of the same company or project, or an application that does not allow licensing of assets.

 

Thanks, and we look forward to hearing from you!

Christopher Smith

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines