Authentication token for service user

Question

I'm setting up a new web service which will do CRUD (REST APIs) actions for student profile in brightspace. This web service is headless therefore does not require OAuth flow. I'm after a long-lived service account token which I can store to make api calls.

I tried to harvest the token manually using brightspace oauth (as advised in this post https://community.brightspace.com/s/article/API-Cookbook-Headless-Non-Interactive-Web-Service-Workflow) but it expires in an hour. I logged in brithspace dashboard as a service user account and I can't seem to change token timeout value 'd2l.Security.Api.TokenTimeout' (edit button is not visible).

Is there any way I can harvest long lived service account token to use REST APIs in brightspace ?

Answer 1

You can use OAuth 2.0 refresh tokens as service tokens. There are more details of how to do so on https://community.brightspace.com/s/article/How-to-obtain-an-OAuth-2-0-Refresh-Token, and an example on https://github.com/Brightspace/bds-headless-client-example.

Answer 2

Thanks for the response above.

Turns out I had other problem. I was accidentally calling change password api for the service account user. When password is changed for service account user, token gets expired.

Also, I found out token is by default long lived. For anyone interested -1 is default setting for service api token so that it never expires.