How to handel inactive access token?


#1

When I am introspecting a access token after an interval hydra is returning { “active”: false }. If I hit on oauth2/introspect again I am getting { “active”: true …}. On the first hit on oauth/introspect I found in the log

hint=“An introspection strategy indicated that the token is inactive.”

So I am guessing after first hit the access token getting activated so after that in second hit it’s sending that the token is active.

So how should I handle this

  1. Active a access token somehow before introspect
  2. Is it possible to know when the access token will inactive in client side so that client can get a new access token if it’s inactive. I can check the access token expires time but didn’t see any inactive time.
  3. Send error to the client and then client will get a new access token

Update:
Actually I found out that the hydra server gets idle mode (or something like that) if it don’t receive any request for sometime (5-10 minute). After that any request to hydra server result in error but in next hit and onwards it works fine. Any idea how fix it?


#2

Hi there!

Not sure if it’s the exact same issue I have experienced before, but i use to have an issue similar to this before as well. For me it started happening when I first switched over to using a mysql db after testing on an in memory one.

The way i resolved the issue was to set an option on the DATABASE_URL environment variable for Hydra that made sure i didn’t have any idle connections.

ex: DATABASE_URL = mysql://{user}:{pass}@tcp({db_url}:{port})/{db_table}?parseTime=true&max_idle_conns=0

Not sure if you’re using the same db as I was or not, but that was how i fixed the issue.


#3

@Obrys thanks a lot. It’s working fine now. I am using PostGreSQL and after putting max_idle_conns=0 in my DATABASE_URL I am not getting the errors anymore.