Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1320
Views
25
Helpful
6
Replies

Guest Issuer tokens

Francisco Zicre
Level 1
Level 1

‎02-24-2022 08:37 AM

Hi everyone, i have an app that uses the guest issuer to generate temporary users to make calls on a website.

I want to know more about the 750 token limit.

The FAQ says that Access tokens generated by integrations are valid for 14 days , is there a way to reduce that limit for the tokens? Or that doesn't apply for guest issuer?

 

Labels:
6 Replies 6

edwin.ramana
Level 4
Level 4

‎08-24-2022 12:19 AM

Hi,

How can we keep the session of the guest user alive?
If we're using JWT to get an access token, there's no refresh token to refresh the access token.

edwinramana_0-1661325385416.png
What if we re-generate the jwt token using the same client id, secret, and sub. Will webex keep the session of the guest user like for example, the email of the guest user will be the same, the chat history, call history, etc?

edwinramana_1-1661325529596.png


Regards,


Edwin R

0 Helpful

sandiban
Cisco Employee
Cisco Employee
In response to edwin.ramana

‎08-24-2022 03:12 AM

Hi @edwin.ramana ,

Thanks for your patience so far!
I think now I understand your point, I think you're discussing a scenario like doctor-patient appointment, where the patient came as a Guest User for an appointment call and then after dropping the call, the patient/user is gone!
You're right, in that case - the Access Token corresponding to the JWT has no existence in real life. Or, say the existence would be there only for those 14 days.

But being a valid User with an existing Webex account, if you create a Guest Issuer first as I shared the link in last reply and then using those details (like, ID and Secret) you create the JWT and corresponding Access Token, then even if the Access Token is expired, you can create a fresh Access Token again since you've a valid & existing account and you can re-use your Guest Issuer. 
However, you're right, this above scenario is not valid for just a Guest User to Webex.

Kind regards,
Sandip

0 Helpful

sandiban
Cisco Employee
Cisco Employee

‎08-23-2022 11:57 PM - edited ‎08-24-2022 12:01 AM

To generate the JWT Token and Access Token pair using Webex Guest Issuer ID and Secret, here is the Test code sample - 
https://github.com/CiscoDevNet/webex-teams-jwt-samples

For specific to Webex JWT Token, we can create a User specific Guest Issuer first from here.
And, using this Guest Issuer ID and Secret, a specific Webex user can create the corresponding JWT and Access Token by using the above code sample as many number of times as they want!
Note: Creating the Access Token from Refresh Token, is done via an Integration, is totally a different concept and not similar to this Guest Access Token with JWT procedure. However, the an Access Token lifetime is always 14 days irrespective of it's creation via a Refresh Token or, JWT!

Regards,
Sandip

0 Helpful

Jeff Marshall
Cisco Employee
Cisco Employee

‎02-24-2022 08:54 AM - edited ‎02-24-2022 08:54 AM

From the FAQ(https://developer.webex.com/docs/frequently-asked-questions)

How many valid tokens can be issued for an account at any given time?

An account is allowed up to 750 active access tokens at a given time. If that limit is reached then the user will no longer be able to generate new access tokens and may run into issues with not being able to login to Webex sites, such as https://developer.webex.com, until some of the active access tokens expire. Access tokens generated by integrations are valid for 14 days, so a good way to avoid running into this limit is to only generate new tokens once every 14 days when the existing one expires. A user can free up some tokens by logging into https://idbroker.webex.com/idb/profile#, clicking Devices at the bottom of the page, and then clicking "END SESSION" next to the sessions to terminate.

The 14 day lifetime for an access token generated by an integration and one by a guest issuer app is the same and can't be reduced. For a guest user you can set the "exp" in epoch time when generating the JWT to limit how long the JWT is valid for but after you exchange the JWT for an access token the access token is still valid for 14 days, they just won't be able to generate new access tokens if the JWT has expired.

Francisco Zicre
Level 1
Level 1
In response to Jeff Marshall

‎02-24-2022 08:58 AM

Thanks for the answer, is there a workaround to "clean/end" those used tokens(sessions) other than manually end them in here?: https://idbroker.webex.com/idb/profile#/tokens 

Jeff Marshall
Cisco Employee
Cisco Employee
In response to Francisco Zicre

‎08-25-2022 07:51 AM - edited ‎08-25-2022 07:53 AM

An org admin can revoke tokens using the /authorizations API(https://developer.webex.com/docs/api/v1/authorizations).
This will only work for users that exist in your org. Guest users generated by a Guest Issuer are place in their own unique orgs so it wont work for them.

0 Helpful
Customers Also Viewed These Support Documents