From 7707dd6a19db9319f774004b3a42ce106116a863 Mon Sep 17 00:00:00 2001 From: Josh Wulf Date: Tue, 26 Mar 2024 19:19:19 +1300 Subject: [PATCH 1/2] test(oauth): increase token refresh threshold for SaaS tests --- .github/workflows/saas.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/saas.yml b/.github/workflows/saas.yml index c058abc0..3cd9d344 100644 --- a/.github/workflows/saas.yml +++ b/.github/workflows/saas.yml @@ -37,3 +37,4 @@ jobs: CAMUNDA_CONSOLE_CLIENT_SECRET: ${{ secrets.CAMUNDA_CONSOLE_CLIENT_SECRET }} CAMUNDA_CONSOLE_BASE_URL: ${{ secrets.CAMUNDA_CONSOLE_BASE_URL }} CAMUNDA_CONSOLE_OAUTH_AUDIENCE: ${{ secrets.CAMUNDA_CONSOLE_OAUTH_AUDIENCE}} + CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS: 10000 From e83573dc9e17325354123705db6264af000d9a91 Mon Sep 17 00:00:00 2001 From: Josh Wulf Date: Tue, 26 Mar 2024 20:25:25 +1300 Subject: [PATCH 2/2] docs(oauth): document refresh --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 6c3df64e..a7885d52 100644 --- a/README.md +++ b/README.md @@ -92,8 +92,12 @@ const c8 = new Camunda8({ If the cache directory does not exist, the SDK will attempt to create it (recursively). If the SDK is unable to create it, or the directory exists but is not writeable by your application then the SDK will throw an exception. +### Token refresh + Token refresh timing relative to expiration is controlled by the `CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS` value. By default this is 1000ms. Tokens are renewed this amount of time before they expire. +If you experience intermittent `401: Unauthorized` errors, this may not be sufficient time to refresh the token before it expires in your infrastructure. Increase this value to force a token to be refreshed before it expires. + ## Connection Configuration Examples ### Self-Managed