Is it possible to extend the expiry time of a token?

aerospace-engineer-2 · March 7, 2023, 1:19pm

Hi newby here with my 1st shout out for help.

It appears by default when we post a token request, it has a 15 minute lifespan.
(expires_in: 900)

Screen shot attached.
Token - Expires In

Is it possible to extend this, if so how and where do we do that?

thank you

michaelderekjones · March 7, 2023, 1:55pm

That will be down to the API.

If it can be changed, it will be a server side configuration option in the API you are consuming.

However, you could potentially use the authorization helper in Postman to generate your token which has an option for auto renewing tokens.

aerospace-engineer-2 · March 7, 2023, 2:09pm

Thank you for the explanation, appreciated. We are in the process of trying the authorization at collection level, however for some reason the Auto-refresh token toggle button is greyed out.

Screen shot attached

Manually running the Get New Access Token works successfully.

We did watch the video explainer, the difference in our is the Grant Type is Client Credentials, as opposed to Authorisation Code as shown in video.

Thanks for reading, any suggestions most appreciated.

michaelderekjones · March 7, 2023, 2:15pm

I can’t answer that question as I don’t use this feature.

Hopefully someone else will be able to provide you details on why the option is greyed out.

Another option is to use a pre-request script, similar to the following.

Just change the body and grant type to fit your circumstance.

pm.test("Check for collectionVariables", function () {
    let vars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
    vars.forEach(function (item, index, array) {
        console.log(item, index);
        pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.undefined;
        pm.expect(pm.collectionVariables.get(item), item + " variable not set").to.not.be.empty; 
    });

    if (!pm.collectionVariables.get("bearerToken") || Date.now() > new Date(pm.collectionVariables.get("bearerTokenExpiresOn") * 1000)) {
        pm.sendRequest({
            url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: {
                mode: 'urlencoded',
                urlencoded: [
                    { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                    { key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
                    { key: "username", value: pm.collectionVariables.get("username"), disabled: false },
                    { key: "password", value: pm.collectionVariables.get("password"), disabled: false },                    
                    { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                    { key: "grant_type", value: "password", disabled: false },
                ]
            }
        }, function (err, res) {
            if (err) {
                console.log(err);
            } else {
                pm.test("Status code is 200", () => {
                    pm.expect(res).to.have.status(200);
                });
                let resJson = res.json();
                pm.collectionVariables.set("bearerTokenExpiresOn", resJson.expires_in);
                pm.collectionVariables.set("bearerToken", resJson.id_token);
            }
        });
    }
});