What is the token refresh endpoint in WSO2 identity server to get new access token by refresh token

Question

1.What is the token refresh endpoint in WSO2 identity server to get new access token by refresh token.

2.What is the default user session timeout period in idp user.

3.And also can i extend user session timeout period from server end.

4.Is there any relation between access token expiry time and user session timeout period. "expires_in":3545

5.Is there any way to avoid user session timeout.

Answer 1

1.What is the token refresh endpoint in WSO2 identity server to get new access token by refresh token:

There is not specific endpoint for refresh token, if you need to do a refresh token you must request back to the token endpoint using a grant type :refresh_token.

2.What is the default user session timeout period in idp user:

The default session timeout depend on wich IDP you use, there is no standard value.

3.And also can i extend user session timeout period from server end:

You can not extend the IDP session from your application but you can invalidate the IDP session by log in out the user.

4.Is there any relation between access token expiry time and user session timeout period. "expires_in":3545:

Expires_in: is the time of validity of a token, after this time a new request to IDP must be made to get another token, by calling a refresh token.

User session in IDP side is created after validating user’s credentials and terminated/removed only when the user manually logs out, or if the user’s session timeout expires due to inactivity, is like a session in web application to avoid authentication again and again and to improve performance of your IDP.

5.Is there any way to avoid user session timeout:

There is no relation between IDP session and your application session, in your application side you can manage your sessions as you want but in IDP side there is no sense to try managing it, as I said in the previous question is for IDP to improve performance.