From Collaborate version 5.2 the option to set access token expiration for three months, six months or a year will be removed. The reasons for this are:
- to avoid situations where an access token and refresh token both expire at the same time
- because access tokens become less secure the longer expiration they have
The maximum the access token can be set from version 5.2 is one month. Any existing API tokens configured to expire after a month will expire and the access token configuration for API application registration will be reset to expire after a month.
An API client who has already coded the OAuth workflow correctly should have no problem with this change as the refresh token should be used to obtain the access token on expiration. Any API clients who have not coded the refresh token workflow will need to implement the refresh token workflow or manually generate the access token to allow their application to continue working.
Please note that this change was introduced in Collaborate 4.4 and later reverted based on partner feedback. This is now scheduled for our Collaborate 5.2 release which is coming later this year. This will give our partners enough time to manage the token expiration workflow as recommended with OAuth2 standards.