You use the advanced OAuth 2.0 settings to define how an access token should be handled.
Click the image to enlarge it.
There are three settings: one of them relates to sending requests, the others relate to refreshing the access token.
Send Access Token As
The Send Access Token option defines where the access token is sent.
| Option | Description | Example |
|---|---|---|
| Header |
The access token is sent as the request header. |
Authorization: Bearer rRR0GnTudjuUUGaSt0n |
| Query |
The access token is sent as a query parameter. |
https://www.example.com/a/v1/y/{userId}?access_token=rRR0GnTudjuUUGaSt0n |
Refresh Access Token
By default, this option is set to Automatic, which means the tokens are refreshed automatically and transparently. If you need tokens to time out, you can set the option to Manual.
| Note: | The server must provide the refresh token to ReadyAPI. If the server does not provide the token, retrieve the access token again to update it. |
| Option | Description |
|---|---|
| Automatic |
The refresh token is used automatically. |
| Manual |
The token has to be applied manually. |
When the Refresh Access Token option is set to Manual, the Refresh button that is next to the token becomes active.
To use the refresh token and update your access token, click Refresh.
Access Token Expiration Time
The Access Token Expiration Time option defines the expiration time for the access token. You can use the expiration time provided by the server, or you can specify the time you need manually.
| Note: | The 0 value indicates that the token will never expire. There is no setting for immediate expiration of the token. |
| Option | Description |
|---|---|
| Server |
The expiration time provided by the authorization server is used. |
| Custom |
The token will expire after the specified number of seconds, minutes, or hours elapse. |
See Also
Automating Token Retrieval
OAuth 2.0 Grant Types
OpenID Connect Grant Types
About OAuth 2.0
OAuth 2.0 and OAuth 2.0 (Azure)