Skip to main content

Modifying the Token Lifetime in Access Control for CxSAST 9.x

Access Control enables you to modify the life time of the access token for each client individually by modifying the default values of ‘accessTokenLifetime’ and ‘absoluteRefreshTokenLifetime’ to the respective client IDs as explained below:

  1. Open the Access Control Swagger user interface by going to

    http://<servername>:<port>/CxRestApi/auth/swagger, for example http://localhost/CxRestApi/auth/swagger

  2. Authenticate yourself by clicking Authenticate and then following the on-screen instructions.

  3. Once authenticated, run GET /OIDCClients. All the client IDs in the network appear listed.

  4. Locate the client ID that you want to modify.

  5. Run PUT /OIDCClients/{id} with the desired ID.

  6. Update accessTokenLifetime and absoluteRefreshTokenLifetime with the new default values of the token life time.

  7. Repeat these steps for any client you need to modify.