Xibo CMS 4.0.2 API - Access token expires early

I have been running longer tests with the Xibo CMS 4.0.2 API and I have noticed the access token is expiring early, at approximately 52 minutes instead of the 60 minutes (3600 seconds) specified in the authorize response (/api/authorize/access_token).

I am able to reproduce this using Postman by making an authorization call, setting an alarm for 50 minutes, then submitting a get Campaigns call when the alarm goes off. Around 52 minutes from the original authorize call I receive the same access denied error.

Yes, I can capture the error and renew the access token early, but I shouldn’t have to.

The specific error message returned is:
"error": "access_denied",
"error_description": "The resource owner or authorization server denied the request.",
"hint": "Access token has been revoked",
"message": "The resource owner or authorization server denied the request."

That’s interesting…

Access token has been revoked

We put tokens into a cache so that they can be revoked ahead of their expiry date, and the error hint you’re getting implies that is what is happening.

How is your CMS installed?

My sandbox environment uses the standard Docker install including containerized MySQL database. I upgraded my Xibo CMS from v1.18.13 to v4.0.2 vs a clean install in case that matters.

Let me know if there are specific data points or tests you’d need to investigate.

Does your docker-compose.yml file contain a service entry for cms-memcached?

The logic looks sound to me, so the next step is for me to set up a test to see if it’s a general issue or not.

Yes, I used the defaults from the v4.0.2 docker-compose.yml file. The only real customization was the directory where I store cms-web volumes.

Have you been able to reproduce this issue? We are seeing similar results in our production environment (Xibo Cloud hosted).

Yes I have been able to reproduce, but I was not able to find the root cause as yet. I forgot to come back to you, sorry.

I think it is something to do with the way we cache the access token in the CMS (we cache it so that we can revoke it if necessary).
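The client-side workaround mentioned in the thread (catch the error and renew), as an added example that is not part of any post and is not Xibo's code: it renews ahead of `expires_in`, retries exactly once on `access_denied`, and records the token's age at denial as a data point for the investigation. `TokenClient`, `FakeCms`, the 600-second margin and the 3120-second revocation point are assumptions; `FakeCms` is a constructed stand-in, not the real API.

```python
import time

class TokenClient:
    """Caches an access token, renews it early, retries once on access_denied."""

    def __init__(self, authorize, margin=600, clock=time.monotonic):
        self._authorize = authorize  # callable -> {"access_token", "expires_in"}
        self._margin = margin        # seconds to renew ahead of the stated expiry
        self._clock = clock
        self._token = None
        self.denied_ages = []        # token age (s) at each unexpected denial

    def _renew(self):
        grant = self._authorize()
        self._token = grant["access_token"]
        self._issued = self._clock()
        self._renew_at = self._issued + grant["expires_in"] - self._margin

    def call(self, request):
        """request(token) -> parsed JSON body; returns the final body."""
        if self._token is None or self._clock() >= self._renew_at:
            self._renew()
        body = request(self._token)
        if isinstance(body, dict) and body.get("error") == "access_denied":
            self.denied_ages.append(self._clock() - self._issued)
            self._renew()
            # One retry only: a client that really was revoked must not loop
            # against the authorize endpoint.
            body = request(self._token)
        return body

class FakeCms:
    """Constructed stand-in: states 3600 s but rejects tokens after 3120 s."""

    def __init__(self, clock, revoke_after=3120):
        self.clock, self.revoke_after, self.issued = clock, revoke_after, {}

    def authorize(self):
        token = f"tok{len(self.issued)}"
        self.issued[token] = self.clock()
        return {"access_token": token, "expires_in": 3600}

    def campaigns(self, token):
        if self.clock() - self.issued[token] >= self.revoke_after:
            return {"error": "access_denied",
                    "hint": "Access token has been revoked"}
        return {"data": []}
```

With `margin=0` the client trusts `expires_in` fully, so a call at 53 minutes is denied once and then succeeds on the retry; with the default margin the same call renews first and never sees the error.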