OAuth2 access token expiration datetime not formatted to UTC

When creating an access token using API V8, the access_token_expires field in the database is in local time, not UTC. This probably fixable by switching the php.ini timezone to UTC, but that’s more fixing the symptom than the problem.

Whatever function is used by SuiteCRM in order to fix the datetime format/time zone before storing in the database is not being used on the access token expiration date. If anyone has any idea where this happening, I’d like to take a stab at fixing the issue. Having one datetime field in the database operate on different rules is a problem.

It’s either that or the documentation should be updated. Currently, installation documentation does not say to set php to UTC time zone, which is leading to poor user experience.

I can provide some details and examples if necessary.

Found the issue. Was located in Api/V8/OAuth2/Repository/AccessTokenRepository.php on line 95. The DateTime object being used was being directly formatted to ‘Y-m-d H:i:s’ instead of grabbing a timestamp, and then converting using gmdate(‘Y-m-d H:i:s’). Making this adjustment fixes the issue.

That being said, there are other files with similar context (RefreshTokenRepository.php) that probably need the same fix. All of this needs proper testing as well. I will make a github issue and propose a fix some time next week.