You need to sign in to do that
Don't have an account?
Nintex KJ
Does Access Token Still Valid After Reset Password?
Hi,
I find out the OAuth access token is still valid even after the user password is being reset, can I know is it a right behavior? If yes, is there has any reason on it?
Since I believe I will reset the user password when it has been compromised and all the access token should be revoked as well...
I find out the OAuth access token is still valid even after the user password is being reset, can I know is it a right behavior? If yes, is there has any reason on it?
Since I believe I will reset the user password when it has been compromised and all the access token should be revoked as well...
If you will check access token definition it says that :
The access token is used by the client to make authenticated requests on behalf of the end user. It has a longer lifetime than the authorization code, typically on the order of minutes or hours. When the access token expires, attempts to use it will fail, and a new access token must be obtained.
so In Force.com terms, the access token is effectively a SID or 'session ID', much like a session cookie on other systems
So it doesn't reset with password but it does expire after a period of time. if it expires then we make a call (refresh token) to get a new access token.
I hope it will clear you doubt.
Thanks,
Himanshu
Salesforce Certified Developer | Administrator | Service Cloud Consultant
P.S. If my answer helps you to solve your problem please mark it as best answer. It will help other to find best answer.