As per Magento's developer documentation site
This is the first step in the 2-legged Oauth handshake. However, you must use these credentials to get an access token in fewer than three minutes or the credentials are disabled for security reasons. The credentials expiry can be changed from backend by the administrator. As stated previously, it's defaulted to three minutes.
it sounds like you can change the expiration time for an OAuth
token request somewhere in the backend.
Where is this somewhere?
Best Answer
I think what you're looking for can be found under Admin > Stores > Configuration > Services > OAuth tab:
The interesting thing is that default value is not 3 minutes but actually 5 minutes (300 seconds).
The default values are set under
\app\code\Magento\Integration\etc\config.xml
:Another interesting thing is that, on top of this default value, an extra default value is defined under
\app\code\Magento\Integration\Helper\Oauth\Data.php
:This value is used in case the expiry is set to a negative number:
NB: the screenshot is from a 2.0.0 install, I reckon an Authentication lock section has been added since.