Summary:
Clients will be restricted to 10 new tokens per minute per user. Clients using the client_credential grant will be limited to 10 tokens per minute.
Impact:
Clients violating the rate limit will receive error redirects to their registered OAuth2 callback endpoint when interacting with the Authorization endpoint, and Bad Request responses when interacting with the Token endpoint.
Clients that request a new token for each platform API request will be impacted. Clients must cache the token locally, or in the case of a distributed client, a shared database with appropriate security restrictions. Clients should only request a new token when their token is expired or about to expire (as indicated by the expires parameter), or as a fallback if they receive a 401 Unauthorized from an API request.
Date of Change: 9/1/2018
Impacted APIs:
APIs used for token issuance (OAuth2 endpoints) will be impacted (/oauth/authorize, /oauth/token)
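The caching behaviour the announcement asks for, as an added example that is not part of the original post or the platform's own code: a file-backed cache that reuses a token across program runs, refreshes it shortly before expiry, and falls back to a new token once on a 401. The `fetch_token` and `request` callables, the 60-second skew and the cache file path are assumptions made for illustration.

```python
import json
import os
import time

class TokenCache:
    """File-backed OAuth2 token cache that survives program restarts."""

    def __init__(self, path, fetch_token, skew=60, clock=time.time):
        self.path = path                # cache file (hypothetical location)
        self.fetch_token = fetch_token  # hypothetical: () -> (token, lifetime_seconds)
        self.skew = skew                # refresh this many seconds before expiry
        self.clock = clock              # injectable so expiry logic can be tested

    def _load(self):
        try:
            with open(self.path) as f:
                data = json.load(f)
        except (OSError, ValueError):
            return None                 # missing or corrupt cache: no usable token
        return data if isinstance(data, dict) else None

    def _store(self, entry):
        # The token is a bearer credential: create the file owner-only (0600).
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(entry, f)

    def get(self):
        entry = self._load()
        if entry and entry.get("expires_at", 0) - self.skew > self.clock():
            return entry["token"]       # still valid: token endpoint not contacted
        token, lifetime = self.fetch_token()
        self._store({"token": token, "expires_at": self.clock() + lifetime})
        return token

    def invalidate(self):
        try:
            os.remove(self.path)
        except FileNotFoundError:
            pass

def call_api(cache, request):
    """request(token) -> (status, body) is hypothetical. Retries once on 401."""
    status, body = request(cache.get())
    if status == 401:                   # cached token rejected: fetch one new token
        cache.invalidate()
        status, body = request(cache.get())
    return status, body
```

The single retry in `call_api` keeps a persistently rejected token from turning into a loop of token requests that would itself hit the rate limit.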
I have tested many times. After the program has run to the end, and I then restart the program using the previous token (even one generated about 10s ago), it will fail with error 401 (token expires).
I mean, it's too easy to expire. After the current program runs, the cached token is stored in a local file, but 10 seconds later, rerun the program and read the local token, and you'll find that the token is invalid.
If the token doesn't even have a 10s expiration date, there's no need to cache the token.
Will the "token" expire after the program runs to the end?