XProtect (API Gateway) : Bearer Token expired - how to extend bearer token validity beyond 3600 seconds ?

005bH000000sdVpQAI · June 12, 2024, 4:48pm

I generated a Bearer Token to interface with my Management Server via the Gateway API, following the commands provided in the documentation.

However, the Bearer Token’s validity is limited by default to 3600 seconds (1 hour). The Token is temporary. I can’t find a command in the Milestone documentation to extend the Token’s validity.

I’d like to generate a permanent Bearer Token.

Do you know of a command to extend the validity of the Bearer Token?

Thanks !

PowerShell command to generate the Bearer Token :

$headers = @{ “Content-Type” = “application/x-www-form-urlencoded” }

$body = @{grant_type=‘password’

username=‘seamrune’

password=‘Rad23Swops#’

client_id=‘GrantValidatorClient’}

$response = Invoke-RestMethod ‘https://test-01.example.com/idp/connect/token’ -Method ‘POST’ -Headers $headers -Body $body

$response | ConvertTo-Json

Response body :

{

“access_token”: “eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L . . . ay0ferTwm-DZ4OxNXGTHk5t7R_YTWPjg”,

“expires_in”: 3600,

“token_type”: “Bearer”,

“scope”: “managementserver”

}

spr · June 13, 2024, 11:24am

Hi,

There is no support for extending token lifetimes, and especially not for permanent tokens. What you can do instead is to use a client_id that supports refresh tokens, such as the built-in VmsClient, and then send a request to the token endpoint whenever your token has timed out (or is about to), with the following payload:

grant_type:refresh_token

refresh_token:{Refresh token from original login}

client_id:VmsClient

Hope this helps.

Best Regards,

Simon

005bH000000sdVpQAI · June 14, 2024, 8:32am

Hi Simon,

Thanks for your help.

I’ve been thinking about a refresh tokens but I haven’t found the right method yet.

The payload supplied with client_id VmsClient doesn’t work. I’m looking for another way to use a client_id that supports refresh tokens.

Thanks,

Alpha

spr · June 14, 2024, 8:54am

Hi,

What exactly do you mean when you say it doesn’t work? If you login with client_id set to VmsClient, the refresh operation should work using the same client_id.

Best regards,

Simon