CODEWITHSUNDEEP
oauth-2.0salesforcerefresh-token
SlowBlurry
SlowBlurry

Reputation: 181

How can you force expire a salesforce access token?

I'm building a web app and using OAuth2 to authenticate. For testing purposes, I would like to test what happens when the access token expires and the refresh token is needed to re-authenticate. Since the salesforce oauth token does not contain an "expiry date" parameter, how would i forcefully expire the salesforce access token.

This is what is returned when a token is requested.

{
    "oauth_token": {
        "access_token": "<access token>",
        "id": "https://login.salesforce.com/id/00DG0000000imtwMAA/005G0000001CFgeIAG",
        "id_token": "<id token>",
        "instance_url": "https://na47.salesforce.com",
        "issued_at": "1522400000",
        "refresh_token": "<refresh token>",
        "scope": [
            "refresh_token",
            "full"
        ],
        "signature": "<signature>",
        "token_type": "Bearer"
    }
}

Upvotes: 3

Views: 2954

Answers (1)

martin
martin

Reputation: 1182

If you want to do it manually, you can go to Setup > Security Controls > Session Management, then select the session from the list and remove it. Alternatively, if you need to do it programmatically, you could query and delete these records, which are stored in the AuthSession object.

Once you've done that, your access token will be expired, and attempts to use it will produce:

[ { "message" : "Session expired or invalid", "errorCode" : "INVALID_SESSION_ID" } ]

Your refresh token will still be valid though, and you can use it to request a new access token.

Upvotes: 4

Related Questions