If token is expired, will it be None (null)?

self.apiToken = res[“token”]

I don’t have a way to test this and am trying to build some exception handling for token problems.
4 Questions:

  1. I can get the token expiration timestamp like this:
    responseContent.expiration {1591870637}

But, if it has expired, will the token be null/empty/None?

  1. If the token in None, I won’t know if it has expired or if its missing due to some other problem. Any recommendations on the workflow for checking on this?

  2. Do secrets have a lifetime/expiration? I didn’t see that documented.

  3. In the docs “CREATE / SHOW / DROP / REFRESH TOKEN (deprecated)”
    https://docs.tigergraph.com/admin/admin-guide/user-access-management/user-privileges-and-authentication#create-show-drop-refresh-token-deprecated
    Note: this link is for GSQL, but i’m asking in the context of REST++, i didn’t see docs on that for rest.
    There is no command “Refresh Token” documented. How do we refresh the token, drop and create? If the token is expired and I try to drop and/or create a token, I won’t have a token to pass in the REST++ call and will get the error: “Invalid parameters, token is required for refresh or drop token.” Now I’m stuck.

Thank you

Hi George,

  1. I assume you refer to the getToken() function of the pyTigerGraph package. This function and the related REST++ endpoint do not actually get an existing token, they request the generation of a new one, so you always get a valid timestamp as expiration timestamp. The expiration key’s value is a Unix timestamp (in your case 1591870637 = Thursday, June 11, 2020 10:17:17 AM), not a remaining lifespan in seconds. So you never get null or None for this.
  2. Based on the above explanation, you don’t need to handle cases when the expiration timestamp is null or None.
  3. No, secrets do not have expiration date, only tokens. If you execute a SHOW SECRET command in GSQL, you will see the secrets (and their tokens with their expiration date/time listed), something like this:
GSQL > SHOW SECRET
    - Secret: pai4rg669ef2fnuerm54acvg2d426kpj
      - Token: el1op7a9eqrlq4a7e5t452lukv991k7h expire at: 2020-06-27 21:47:34
      - GraphName: MyGraph
    - Secret: g1jjj9cd763s8kks9tikdc12alo8bau9
      - Token: 8opv0hskjcv3cb1pt9gofen9cig6baqi expire at: 2020-06-28 15:37:58
      - GraphName: g1
  1. The token management REST endpoints are described in the REST++ Authentication part of the documentation. It’s already on my list to provide a link to this page from the page detailing the deprecated token management GSQL commands.
1 Like

OK this clears things up a lot. Thank you.