token duration

API Discussion
Hi guys,

There is a way to increase the token duration (item api access) ? he works for only 24h before i need to refresh him. May be i do something wrong ?

Thanks you
Tokens have a fixed duration and are not meant to last long.

First, the really cool thing is, since the OAuth documentation has been written, Blizzards OAuth implementation has been updated to be more standards compliant. Or perhaps it always was.

At any rate you can now query the OAuth servers for their capabilities and endpoints with a URL like:

https://us.battle.net/oauth/.well-known/openid-configuration

So you can paste that into a browser URL bar and see what their OAuth implementation supports.

Next, we return to your question about tokens and lifetimes. Tokens are not regarded as secure if they live too long. So OAuth defines mechanisms that allow clients to learn of a tokens lifetime, and refresh it appropriately.

If we query Blizzards OpenID configuration above and examine the supported grant types - notably absent from this is the refresh_token grant type.

So, you are either stuck with signing the user (or your client) in again to obtain a fresh token after the token interval is up, or figuring out if the undocumented 'token_extension' grant type support implies that tokens can be kept alive, and how to use that.

Join the Conversation

Return to Forum