Password expiration is a well-known security policy implemented by many enterprises and is considered a best practice in the security realm. It is implemented through mandatory password changes, with recurrence governed by a validity time. Once the validity time expires, a new password or access token is generated. All users must then switch to the new credential to be able to access the service.
Syniverse SDC provides the UI to set up SCG API access token expiration and re-generation. It also provides an API to programmatically refresh an expired SCG token on the consumer process side. These functionalities allow access token expiration policies to be implemented in enterprise applications.
This document describes how to implement an access token expiration policy, with examples of Syniverse API calls using cURL commands to refresh the credentials on the consumer process side.
Defining the access token expiration policy
When a new SDC application is created, the default access token configuration is a non-expiring token, meaning that the access token never expires. In this case the only way to re-generate the access token is the Re-generate button provided.
However, the UI also provides a Token Expiration field to set a validity time for the new access token. When a token expiration value is set before clicking Re-generate, the new token is created with that expiration setting.
Refreshing credentials
After the access token is re-generated with a token expiration time, the users or processes should refresh the credentials (access token) they actively use for SCG API calls. When their current credential expires, an API call should be executed using additional credentials to get the new access token.
Example: 60 seconds access token expiration
In this example, we implemented a 60-second access token validity time.
Defining the aging access token in SDC:
Log in to SDC and click the SDC application for token setup:
Click the options icon and select edit:
Click on Auth Keys:
Here we set the token expiration to 60 seconds and re-generate:
The new access token setup is now active:
Consumer process token refresh
With the new token setting, the access token will expire in the next 60 seconds. After that period a new token must be obtained by the consumer process.
For this token refresh operation, the SDC application credentials are required: Consumer Key and Consumer Secret. The refresh can be implemented by executing the API call below, which returns the current access token:
curl --location 'https://api.syniverse.com/apptoken-refresh?consumerkey={yourKey}&consumersecret={yourSecret}&oldtoken=XXXX&validity=60' \
--header 'Cookie: yourcookiename=yourcookievalue1234567abc'
Response:
{
"accessToken": "{yourNewToken}",
"validityTime": 60
}
First time apptoken-refresh API call
The first time a process calls apptoken-refresh, it can execute the API call with oldtoken=0 to get the current valid token.
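A consumer-side refresh routine for the apptoken-refresh call above, as an added example that is not Syniverse's own code: it caches the token, refreshes it shortly before expiry (starting with oldtoken=0), and masks the secret before the URL is logged. Assumptions: validityTime is the token's remaining lifetime in seconds, oldtoken carries the previously held token, no Cookie header is required, and the names TokenCache, redact, margin, fetch and clock are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

REFRESH_URL = "https://api.syniverse.com/apptoken-refresh"  # endpoint shown in the article
SENSITIVE = {"consumersecret", "oldtoken"}                  # query values never to log

def build_refresh_url(key, secret, old_token, validity):
    """Build the refresh URL with the four query parameters the article uses."""
    query = urllib.parse.urlencode({"consumerkey": key, "consumersecret": secret,
                                    "oldtoken": old_token, "validity": validity})
    return f"{REFRESH_URL}?{query}"

def redact(url):
    """Mask secret-bearing query values so the URL can be written to a log."""
    parts = urllib.parse.urlsplit(url)
    pairs = [(k, "***" if k in SENSITIVE else v)
             for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urllib.parse.urlencode(pairs, safe="*")).geturl()

def http_get(url):
    """Default transport: HTTPS GET, no Cookie header (assumed not required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")

class TokenCache:
    """Holds the current access token and refreshes it shortly before expiry."""
    def __init__(self, key, secret, validity=60, margin=5,
                 fetch=http_get, clock=time.monotonic):
        self.key, self.secret = key, secret
        self.validity, self.margin = validity, margin
        self.fetch, self.clock = fetch, clock      # injectable (assumed design) for tests
        self.token, self.expires_at = "0", 0.0     # oldtoken=0 on the first call

    def invalidate(self):
        """Force a refresh on the next get(), e.g. after the API rejects the token."""
        self.expires_at = 0.0

    def get(self):
        if self.clock() < self.expires_at - self.margin:
            return self.token                      # cached token is still valid
        body = json.loads(self.fetch(
            build_refresh_url(self.key, self.secret, self.token, self.validity)))
        token, ttl = body.get("accessToken"), body.get("validityTime")
        if not (isinstance(token, str) and token and isinstance(ttl, (int, float)) and ttl > 0):
            raise ValueError("unexpected apptoken-refresh response")  # keep the old state
        self.token, self.expires_at = token, self.clock() + ttl
        return token
```

Load the Consumer Key and Consumer Secret from a secret store or the environment rather than source code, and log only `redact(url)`, since the request URL carries the secret in its query string.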