Name
global.OauthTokenChecker
Description
If glide.sg.device_encryption_enabled system property is being updated to false , need to check for the OAuth refresh token lifespan of all mobile native clients and ensure that their values are not greater than 100 days.
Script
var OauthTokenChecker = Class.create();
OauthTokenChecker.prototype = {
initialize: function() {},
checkRefreshTokenLifespan: function(current, previous) {
var gr = new GlideRecord("oauth_entity");
gr.addEncodedQuery("client_id=ff97fbb4da3313004591cc3a291b47fd^ORclient_id=5c54dc934a022300cb7946e6ec6ec172^ORclient_id=8497bdfb7a5573002f07962dec25c863^ORclient_id=0bf98863a813001046cfa356db171c54");
gr.query();
while(gr.next()) {
if(gr.getValue("refresh_token_lifespan") > 8640000) {
gs.log('For security reason, device encryption feature should not be turned off when oauth token lifespan is longer than 100 days. Check oauth_entity table and make sure all native mobile clients have refresh token lifespan set to not larger than 8,640,000, and then proceed the action');
gs.addErrorMessage(gs.getMessage("To set this property to false, you need to decrease the refresh token lifespan of all mobile clients to less than [8,640,000]. You can do this <a href = '/nav_to.do?uri=%2Foauth_entity_list.do%3Fsysparm_query%3Dtype%3Dclient%5EORtype%3Doauth_provider%5Eclient_idINff97fbb4da3313004591cc3a291b47fd,5c54dc934a022300cb7946e6ec6ec172,8497bdfb7a5573002f07962dec25c863,0bf98863a813001046cfa356db171c54%26sysparm_first_row%3D1%26sysparm_view%3D' target='_blank'>here</a>."));
current.setAbortAction(true);
return;
}
}
}
};
Sys ID
46af30655b330010da168d8fa881c717