Configurations

Follow the steps below to set up the token configurations for all the service providers.

Before you begin

  1. Install and run WSO2 Identity Server.
  2. Access the WSO2 Identity Server Management Console as an administrator.
  1. To create an OAuth service provider on the WSO2 Identity Server Management Console:
    1. On the Main menu, click Identity > Service Providers > Add.
    2. Enter all_token_validity_app in the Service Provider Name text box and click Register.
    3. In the Inbound Authentication Configuration section, click OAuth/OpenID Connect Configuration > Configure.
    4. Enter http://localhost:8080/playground2 in the Callback Url text box and click Add.

      Info

      The Callback Url is the service provider's URL to which the authorization codes are sent. Upon successful authentication, the browser is redirected to this URL. For more information on authorization codes, see Authorization Code Grant.

      Note that a client Id and client secret have been created.

      Info

      For more information on adding OAuth service providers, see Configuring Inbound Authentication for a Service Provider - OAuth/OpenID Connect Configuration.

  2. Open the identity.xml file in the <IS_HOME>/repository/conf/identity directory.
  3. To change the token validity periods, configure the elements given below.

    Note
    • By default, the token validity periods are set to 3600 milliseconds. If you set a negative value, e.g., -1, the token never expires.
    • The configuration changes mentioned below apply only to newly created tokens.

    Token Type | Element XPATH of the Token Validity Period | Example
    Application access token | /Server/OAuth/AccessTokenDefaultValidityPeriod | <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
    User access token | /Server/OAuth/UserAccessTokenDefaultValidityPeriod | <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
    ID token | /Server/OAuth/OpenIDConnect/IDTokenExpiration | <IDTokenExpiration>3600</IDTokenExpiration>
    Refresh token | /Server/OAuth/RefreshTokenValidityPeriod | <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>

    Info

    To learn about the token types, see Key Concepts - Tokens.

  4. To define whether or not to renew the refresh token when the refresh token grant is used, configure the following element.

    Possible Values | Element XPATH | Example
    true (default value), false | /Server/OAuth/RenewRefreshTokenForRefreshGrant | <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>

    Info

    For more information on refresh token grant, see Refresh Token Grant.
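As an added example (not part of the WSO2 documentation), the following Python script parses an identity.xml fragment and audits the four validity elements and the renewal flag listed above, flagging any period set to a negative (never-expiring) value. The sample XML is constructed for illustration and is not taken from a real deployment.

```python
import xml.etree.ElementTree as ET

# Constructed identity.xml fragment (not from a real deployment). It uses the element
# paths listed on this page and deliberately sets a non-expiring refresh token.
SAMPLE_IDENTITY_XML = """<Server>
  <OAuth>
    <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
    <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
    <RefreshTokenValidityPeriod>-1</RefreshTokenValidityPeriod>
    <RenewRefreshTokenForRefreshGrant>false</RenewRefreshTokenForRefreshGrant>
    <OpenIDConnect>
      <IDTokenExpiration>3600</IDTokenExpiration>
    </OpenIDConnect>
  </OAuth>
</Server>"""

# Element paths from the page's tables, written relative to the <Server> root element.
VALIDITY_ELEMENTS = {
    "Application access token": "OAuth/AccessTokenDefaultValidityPeriod",
    "User access token": "OAuth/UserAccessTokenDefaultValidityPeriod",
    "ID token": "OAuth/OpenIDConnect/IDTokenExpiration",
    "Refresh token": "OAuth/RefreshTokenValidityPeriod",
}
RENEW_ELEMENT = "OAuth/RenewRefreshTokenForRefreshGrant"


def audit_token_validity(xml_text):
    """Return (setting, value, finding) tuples; a negative period means the token never
    expires (as the page notes), so it is flagged as indefinitely usable if leaked."""
    root = ET.fromstring(xml_text)
    if root.tag != "Server":
        raise ValueError("expected <Server> as the document root")
    findings = []
    for token_type, path in VALIDITY_ELEMENTS.items():
        node = root.find(path)
        if node is None or node.text is None:
            findings.append((token_type, None, "element missing; server default applies"))
            continue
        value = int(node.text.strip())
        findings.append((token_type, value, "never expires" if value < 0 else "ok"))
    # An absent element means the default, true, applies (per the page's table).
    renew = root.find(RENEW_ELEMENT)
    renews = True if renew is None or renew.text is None else renew.text.strip().lower() == "true"
    findings.append(("Renew refresh token on refresh grant", renews,
                     "ok" if renews else "same refresh token reused across refresh grants"))
    return findings


if __name__ == "__main__":
    for setting, value, finding in audit_token_validity(SAMPLE_IDENTITY_XML):
        print(f"{setting}: {value} -> {finding}")
```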

Try it out

Let's try to retrieve the user access token validity period that is defined for all the service providers.

  1. To generate access tokens with the authorization code grant type, update the placeholders in the following command and run it in a browser.

    Format:
    https://localhost:9443/oauth2/authorize?response_type=code&redirect_uri=<SERVICE_PROVIDER_CALLBACK_URL>&client_id=<SERVICE_PROVIDER_CLIENT_ID>&scope=<scopes>

    Example:
    https://localhost:9443/oauth2/authorize?response_type=code&redirect_uri=http://localhost:8080/playground2&client_id=Z4uLkgXHWSk8dXT7kFW04ntLrJQa&scope=somescope_code

    The web application sign in page appears.

  2. Enter admin in the User Name and Password text boxes and click SIGN IN. The web application authorization page appears.

  3. Click Approve. Note that you will be redirected to the callback URL with the authorization code.

  4. To retrieve the access token validity period, update the placeholders in the following curl command and execute it in a command prompt.

    Format:
    curl -k -X POST https://localhost:9443/oauth2/token -H 'Authorization: Basic <base64encoded(SERVICE_PROVIDER_CLIENT_ID:SERVICE_PROVIDER_CLIENT_SECRET)>' -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=authorization_code&code=<AUTHORIZATION_CODE>&redirect_uri=<SERVICE_PROVIDER_CALLBACK_URL>'

    Example:
    curl -k -X POST https://localhost:9443/oauth2/token -H 'Authorization: Basic WjR1TGtnWEhXU2s4ZFhUN2tGVzA0bnRMckpRYTpQbTdjc1Y2b2JtMVhER1ZPa2s2cnplTVJNTVlh' -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=authorization_code&code=e7913209-37df-31a9-a84d-238c74b16e72&redirect_uri=http://localhost:8080/playground2'

    Note that the response includes the user access token validity period defined for all the service providers in the expires_in parameter.

    Example:
    {"access_token":"5b6ae5e6-08c2-36d4-9dfe-baff099ddb29","refresh_token":"e4c868e6-c7b8-3c3b-809e-dcfd8bb2efad","scope":"somescope_code","token_type":"Bearer","expires_in":3600}