Expiration Period of the Access Token

An access token has the expiration period, but the default expiration period is set to 2147483647 seconds (68 years). If you are using the default expiration period, therefore, you will not have to worry about the token expiration and re-login.

You can change this value to set the explicit expiration period on the access token so as to strengthen the security (i.e. reducing the risk of the access token leakage).

If you set the expiration period, the token will be invalidated after this period is passed; accessing Kii Cloud with the invalidated access token will return an error. You can auto-update the expired access token with a new one with the refresh token feature available in the Kii Cloud SDKs for Android and iOS and the REST API.

Please note that the expiration period will be counted from the initial login by the user; it does not mean the idling time after the last login.

You can expire tokens explicitly by using the application admin feature. If disabled, the token will be invalidated regardless of its expiration date. The token will be invalidated also when the user changes their password.

Setting the expiration period with API

By default, once you authenticate a user, received access token will not be expired.However, you can use Kii.setAccessTokenExpiration(expiresIn) method to expire the token after a certain period. Once you set the token expires in, it will be the lifetime of each token received in future authentication.

When you are setting the expiration period, you can specify this period when you execute the KiiUser.authenticateWithToken(token, callbacks, expiresAt) method. This will allow you to maintain the expiration period with the KiiUser.getAccessTokenObject.

  • // Get an access token and its lifetime from the storage with your own function.
    var accessToken = getAccessToken();
    var expiresAt = getAccessTokenExpiresAt();
    
    // Authenticate a user with the access token.
    KiiUser.authenticateWithToken(accessToken, null, expiresAt).then(
      function(theUser) {
        // Do something.
      }
    ).catch(
      function(error) {
        // Handle the error.
        var theUser = error.target;
        var errorString = error.message;
      }
    );
  • // Get an access token and its lifetime from the storage with your own function.
    var accessToken = getAccessToken();
    var expiresAt = getAccessTokenExpiresAt();
    
    // Authenticate a user with the access token.
    KiiUser.authenticateWithToken(accessToken, {
      success: function(theUser) {
        // Do something.
      },
      failure: function(theUser, errorString) {
        // Handle the error.
      }
    }, expiresAt)

Setting the access token policy on the developer portal

On the developer portal, you can set the access token policy by setting the default/maximum expiration period.

See Configuring Access Token Policy for the details on how to set the policy.

Target APIs

When you set the expiration period on the access token, the setting will be applied to the following actions:

  • Logging in with a password.

  • Creating a new user.

  • Logging in with the external service account (with the native application authentication).

The following actions will not be affected:

  • Logging in with a saved access token (the expiration period applied to the existing token will be applied).

  • Logging in with information saved by the Kii Cloud SDK (the expiration period applied to the existing token will be applied).

  • Logging in as a pseudo user (the default value will always be applied so that the token never expires).