- Type: Bug
- Resolution: Unresolved
- Priority: Low
- Component/s: Forge - External API Authentication
- Minor
- Integration testing
- L
Issue Summary:
A customer has reported that the ttl (time-to-live) supplied with the user impersonation token (1800 seconds) is incorrect. We have verified that the actual token expiry is 4 hours, and the customer is seeing the same. Even after the "ttl" time has elapsed, the customer gets the same token and is able to use it up until the 4-hour expiry. We see that the ttl is being hard-coded to a 30-minute expiry instead of the actual expiry of the token.
Steps to Reproduce
- Follow this guide to fetch the user impersonated token from forge remote:
- The ttl received on the caller end will be 1800 seconds which is incorrect.
- Actual expiry is 14400 seconds which is 4 hours.
- Call the same API to fetch the token after 1800 seconds (30 mins) have elapsed; you will receive the same token, which is still valid.
Expected Results
- The ttl the user receives should reflect the correct expiry of the token.
- The token should expire after the reported ttl.
Actual Results
- The ttl the user receives is 1800 seconds, which is incorrect.
- The token expires only after 4 hours (14400 seconds).
Workaround
We advise our customer to keep using the ttl field.
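A client-side sketch of the workaround, added here as an example and not taken from the ticket or from Atlassian's code: the cache refreshes on the advertised ttl and records a finding whenever the endpoint hands back the same token after that ttl has elapsed. The `{ token, ttl }` response shape, the class name, the skew value and the sample timeline are assumptions constructed for illustration.

```javascript
'use strict';

const SKEW_SECONDS = 60; // assumed margin: refresh shortly before the ttl runs out

class ImpersonationTokenCache {
  constructor() {
    this.current = null; // { token, ttl, fetchedAt, firstSeenAt, advertisedTtl }
    this.findings = [];  // ttl/lifetime mismatches; the token itself is never stored here
  }

  // Workaround from the ticket: trust the ttl field, not the observed lifetime.
  needsRefresh(nowSec) {
    if (!this.current) return true;
    return nowSec >= this.current.fetchedAt + this.current.ttl - SKEW_SECONDS;
  }

  // Pass every response from the token endpoint through here.
  record(response, nowSec) {
    const { token, ttl } = response;
    if (typeof token !== 'string' || !Number.isFinite(ttl) || ttl <= 0) {
      throw new TypeError('response needs a token string and a positive ttl');
    }
    const same = this.current !== null && this.current.token === token;
    const firstSeenAt = same ? this.current.firstSeenAt : nowSec;
    const advertisedTtl = same ? this.current.advertisedTtl : ttl;
    if (same && nowSec - firstSeenAt >= advertisedTtl) {
      // Same token re-issued after the ttl it was first advertised with.
      this.findings.push({ ageSeconds: nowSec - firstSeenAt, advertisedTtl });
    }
    this.current = { token, ttl, fetchedAt: nowSec, firstSeenAt, advertisedTtl };
    return this.current;
  }
}

// Constructed timeline mirroring the ticket: ttl 1800 s, real lifetime 14400 s.
function replayTicketTimeline() {
  const cache = new ImpersonationTokenCache();
  cache.record({ token: 'sample-token-A', ttl: 1800 }, 0);
  const freshAt1000 = cache.needsRefresh(1000);  // still inside the ttl
  const dueAt1800 = cache.needsRefresh(1800);    // ttl elapsed, refetch
  cache.record({ token: 'sample-token-A', ttl: 1800 }, 1800);  // same token back
  cache.record({ token: 'sample-token-B', ttl: 1800 }, 14400); // new token at 4 h
  return { freshAt1000, dueAt1800, findings: cache.findings };
}
```

A non-empty `findings` list means the advertised ttl understates how long an issued token stays usable, so exposure estimates for a leaked token should use the observed lifetime.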