Hi,
- I’m using login + password to get session token
AuthenticationClients.builder()
.setOrgUrl(oktaClientProperties.getOrgUrl())
.build().authenticate(login,
password.toCharArray(),
null,
new IgnoringStateHandler());
- then I use sessionToken to get authorization code
oktaOauthClient.authorize(customOktaProperties.getServiceId(), Map.of(
"nonce", "23321",
"client_id", customOktaProperties.getClientId(),
"response_type", "code",
"scope", "offline_access",
"redirect_uri", customOktaProperties.getRedirectUrl(),
"sessionToken", sessionToken,
"state", "sdasdas",
"expires_in", Integer.valueOf(60*60*24*365).toString()
));
- then I get refresh_token, access_token using authorization code.
return oktaOauthClient.getUserTokens(customOktaProperties.getServiceId(), Map.of(
"client_id", customOktaProperties.getClientId(),
"client_secret", customOktaProperties.getSecret(),
"grant_type", "authorization_code",
"redirect_uri", customOktaProperties.getRedirectUrl(),
"code", authorizationCode,
"expires_in", Integer.valueOf(60*60*24*365).toString()
));
How can I configure expiration time for refresh_token?