search cancel

How to verify the OIDC token expiry times in the logs?

book

Article ID: 255259

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

If there is a question or need to validate the expiry values, without having access to the token, it can be done through the FWSTrace log.

Resolution

In the FWSTrace.log, the access, refresh, and identity token values are logged.

Below are examples of the expiry set for the default 5 mins as well as 30 minutes. Search for "expires_in".

Ex. 5 mins

[access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, refresh_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, id_token=XXXXXXXXXXXXXXXXX, expires_in=300, token_type=Bearer]]

Ex. 30 mins

{"access_token":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX","refresh_token":"XXXXXXXXXXXXXXXXXXXXXXXXXXX,"id_token":"XXXXXXXXXXXXXXXXXXXX,"expires_in":1800,"token_type":"Bearer"}]]