Configuring the maximum access-token expiration period

Configure the maximum validity duration (expiration period) of access tokens that are obtained by the application.

About this task

A generated MobileFirst access token has an expiration period, which determines the duration for which the token is valid. See.Token expiration. The maximum access-token expiration period is configured by setting the value of the maxTokenExpiration property of the application descriptor. The default value of this property is 3,600 seconds (1 hour). Follow the outlined procedure to configure this property.

Procedure

Configure the application’s maximum access-token expiration period by using one of the following alternative methods:

Using the IBM MobileFirst™ Platform Operations Console (the console)
1. Select your application version from the Applications section of the console's navigation sidebar, and then select the application Security tab.
2. In the Token Configuration section, set the value of the Maximum Token-Expiration Period (seconds) field to your preferred value, and select Save to save the change.
  You can repeat this procedure, at any time, to change the maximum token-expiration period, or select Restore Default Values to restore the default value.
Editing the application-descriptor file
1. Create a local copy of the application-descriptor JSON file. See Application configuration.
2. Edit your local copy to define a maxTokenExpiration key and set its value to the maximum access-token expiration period, in seconds:
```
"maxTokenExpiration": max_token_expiration_period
```
  For example, the following code sets the application's maximum token-expiration period to 7,200 seconds (2 hours):
```
{
    ...
    "maxTokenExpiration": 7200
}
```
3. Deploy your copy of the application-descriptor JSON file to MobileFirst Server. See Application configuration.