Magento 2 – Changing Expiration Time for oAuth Token Request in Backend

integrationmagento2oauth

As per Magento's developer documentation site

This is the first step in the 2-legged Oauth handshake. However, you must use these credentials to get an access token in fewer than three minutes or the credentials are disabled for security reasons. The credentials expiry can be changed from backend by the administrator. As stated previously, it's defaulted to three minutes.

it sounds like you can change the expiration time for an OAuth token request somewhere in the backend.

Where is this somewhere?

Best Answer

I think what you're looking for can be found under Admin > Stores > Configuration > Services > OAuth tab:

The interesting thing is that default value is not 3 minutes but actually 5 minutes (300 seconds).

The default values are set under \app\code\Magento\Integration\etc\config.xml:

<default>
    <oauth>
        <cleanup>
            <cleanup_probability>100</cleanup_probability>
            <expiration_period>120</expiration_period>
        </cleanup>
        <consumer>
            <expiration_period>300</expiration_period>
            <post_maxredirects>0</post_maxredirects>
            <post_timeout>5</post_timeout>
        </consumer>
        <authentication_lock>
            <max_failures_count>6</max_failures_count>
            <timeout>1800</timeout>
        </authentication_lock>
    </oauth>
</default>

Another interesting thing is that, on top of this default value, an extra default value is defined under \app\code\Magento\Integration\Helper\Oauth\Data.php:

const CONSUMER_EXPIRATION_PERIOD_DEFAULT = 300;

This value is used in case the expiry is set to a negative number:

public function getConsumerExpirationPeriod()
{
    $seconds = (int)$this->_scopeConfig->getValue(
        self::XML_PATH_CONSUMER_EXPIRATION_PERIOD,
        \Magento\Store\Model\ScopeInterface::SCOPE_STORE
    );
    return $seconds > 0 ? $seconds : self::CONSUMER_EXPIRATION_PERIOD_DEFAULT;
}

NB: the screenshot is from a 2.0.0 install, I reckon an Authentication lock section has been added since.

Related Solutions

Magento – Not able to get OAuth token for Magento Rest API Client

You can get OAuth Token by using below details:

URL : https://magento.local/rest/V1/integration/customer/token

Header : Content-Type : application/json

Request Type : POST

  **Params**--->
    {
            "email":"test@test.com",
            "password":"test@123"
    }

You will get customer token.

Magento 2 – Where Does the OAuth Verifier Token Come From?

Think I've got this one figured out. When you authorize an integration, Magento makes a POST to the integration's callback URL. This information includes the verifier token.

Called Array
(
    [oauth_consumer_key] => 2unvs7ccym............77kvlxx1rp
    [oauth_consumer_secret] => 1skp6............yy842a49xrjkaqb
    [store_base_url] => http://magento-2-0-4.dev/
    [oauth_verifier] => ku8wjnqxuxj98x0ruwf............4
)

Tangentially -- as the client/app owner, you use the consumer key and consumer secret to POST to /oauth/token/request and get a request token and a request token secret. You use the request token along with the oauth verifier when you request a access token from /oauth/token/access. The request token secret is not used directly, but it is used indirectly. The secret is used to sign the request made to /oauth/token/access.

Best Answer

Related Solutions

Magento – Not able to get OAuth token for Magento Rest API Client

Magento 2 – Where Does the OAuth Verifier Token Come From?

Related Topic