Ipaas - Do Generic Access Tokens Automatically Renew?

We are using a Generic Access Token in a connector, and it works for a while. However, after some time, the connector starts responding with authentication errors. I assumed that the token would automatically renew once it expired. Do tokens generated with a Generic Access Token automatically renew? What authentication method should I use if I want a token to be renew automatically?

More details on the authentication used:

UsernameLabel: ClientId

PasswordLabel: ClientSecret

GrantMethod: form_post

ResponseMode json

ResponseTokenName access_token  

TokenRegEx    

TokenType bearer  

TokenKeyName

RequestTemplate {  "operation": "POST",  "requestType": "form_post",  "responseMode": "json",  "transforms": {    "EncodedSecret": {      "type": "base64",      "text": "{{ClientId}}:{{ClientSecret}}"    }  },  "parameters": {    "grant_type": "client_credentials"  },  "headers": {    "Authorization": "Basic {{EncodedSecret}}"  },  "fields": {    "grant_type": "client_credentials"  }}

Tags authentication iPaaS connector ipaas-connector connector-auth
Asked by Josue Melgar on Mon 10/14/24 10:43 AM Last edited Mon 10/14/24 10:54 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Michael Ligouri Wed 10/16/24 12:17 PM

Hi Josue,

Currently we don't have a way to automatically update PI tokens for a credential. Each time it changes, you'll have to manually update the credential. In the past, we've been able to suggest a couple things:

  1. If the token is able to be kept "alive" as long as it isn't idle, you can set up a flow that runs a simple Get call every X minutes, just to keep the token alive.
  2. Set an expiration on the credential and then set up an Event Notifications to notify about expiring passwords (Administration > Event Notifications > Add > Event = Credentials Expiring).

Cheers,
Mike Ligouri
Technical Support Consultant

119 of 120 users found this helpful.
What do you mean by "PI tokens?" - Josue Melgar Wed 10/16/24 12:31 PM
What about the Oauth2 refresh token process?
If an auth method is created using "Generic Authorization Code OAuth2" type, would it be able to refresh the token? Is there an way to control how often it gets refreshed? - Josue Melgar Wed 10/16/24 12:35 PM
To be completly sure of what you are saying. If I create an authentication method of type "Generic Access Token (JWT/OAuth2/Etc.)", that when authorized receives an token that expires after 24 hours, it would not be able to automatically request to the authorization server a new token? - Josue Melgar Wed 10/16/24 12:40 PM
I apologize if I was not clear on the original post. I am not intending to change the information for authentication automatically. I am interested on knowing, if the authentication is able to re-authenticate (requests a new authorization token when a previous one has expired). - Josue Melgar Wed 10/16/24 12:45 PM
Sorry, that should have said "API tokens"

Otherwise, you are correct in that there's no way for an iPaaS credential to communicate directly with the other system to get new tokens and update them within iPaaS. If you have a way to extend that token's lifespan or can have some sort of refresh/keep-alive capability in the other system, that would be your best bet. Otherwise you would have to manually update the token every 24 hours in iPaaS, which of course isn't desirable.

That being said, I'm checking with our engineering team to see if we have an existing enhancement request to be able to do this, as I'm pretty sure you aren't the first person to ask about this. - Michael Ligouri Wed 10/16/24 12:50 PM
> I am interested on knowing, if the authentication is able to re-authenticate (requests a new authorization token when a previous one has expired).

Ahhhh ok, that changes things. According to our engineering team, for Access token and oauth 2, iPaaS uses a token until it expires. When iPaaS tries to use the token after expiration, and it fails to auth, iPaaS does a reauthentication request in order to get a new one. Then it will use the new one until that expires, etc and so on. - Michael Ligouri Wed 10/16/24 12:57 PM
Also, if you submit a support ticket for this, I can add it to a +1 vote to an existing enhancement request to make auto-reauth a bit more widely supported/give more options. - Michael Ligouri Wed 10/16/24 1:49 PM
I tried other options and they did not work so I created an enhancement requests. Thank you for the help. Service request ID: 26715436 - Josue Melgar Mon 10/21/24 11:02 AM