Merge pull request #8845 from RusJaI/multiple-active-access-tokens-4.4.0
[APIM 4.4.0] Add multiple-active-access-tokens documentation
RusJaI authored Nov 20, 2024
2 parents 0d72571 + 91f6c52 commit 80957e9
Showing 2 changed files with 25 additions and 0 deletions.
@@ -0,0 +1,23 @@
# Multiple Active Access Tokens

WSO2 API Manager by default allows only one active access token to be in existence for the same Consumer Key, User and Scope combination at a given time. This behaviour can be modified to allow multiple access tokens as described in the following sections.

## JWT

When issuing `JWT` tokens before the expiry or revocation of the previous token, the default behaviour is to revoke the previous token and issue a new token. With the following configuration, it can be configured to issue a new token before expiry and without revoking the old token, allowing the existence of multiple active access tokens at the same time.

```toml
[oauth.jwt.renew_token_without_revoking_existing]
enable = true
```

By default only the `client_credentials` grant type is allowed to generate multiple access tokens. This can be configured by the following configuration.

```toml
[oauth.jwt.renew_token_without_revoking_existing]
enable = true
allowed_grant_types = [“client_credentials”, “password”]
```

!!! note
If you are customizing the `allowed_grant_types` make sure to add or remove the default value `client_credentials` as per the requirement.
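
Review bot: The second TOML example uses typographic quotes in `allowed_grant_types = [“client_credentials”, “password”]`, which are not valid TOML string delimiters, so anyone pasting the line into the configuration gets a parse error; replace them with straight ASCII double quotes. The closing note ("add or remove the default value `client_credentials` as per the requirement") should also state whether setting `allowed_grant_types` replaces the default list, so readers know whether `client_credentials` has to be listed again to stay enabled. Because this setting leaves earlier tokens valid for the same Consumer Key, User and Scope, a sentence on how those older tokens expire or are revoked would help operators.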
2 changes: 2 additions & 0 deletions en/mkdocs.yml
@@ -189,6 +189,7 @@ nav:
- Token Persistence: design/api-security/oauth2/token-persistence.md
- Encrypting OAuth2 Tokens: design/api-security/oauth2/encrypting-oauth2-tokens.md
- Hashing OAuth Keys: design/api-security/oauth2/hashing-oauth-keys.md
- Multiple Active Access Tokens: design/api-security/oauth2/multiple-active-access-tokens.md
- Provisioning Out-of-Band OAuth Clients: design/api-security/oauth2/provisioning-out-of-band-oauth-clients.md
- Securing OAuth Token with HMAC Validation: design/api-security/oauth2/securing-oauth-token-with-hmac-validation.md
- Threat Protection:
@@ -883,6 +884,7 @@ plugins:
'learn/api-security/oauth2/token-persistence.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/token-persistence/'
'learn/api-security/oauth2/encrypting-oauth2-tokens.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/encrypting-oauth2-tokens/'
'learn/api-security/oauth2/hashing-oauth-keys.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/hashing-oauth-keys/'
'learn/api-security/oauth2/multiple-active-access-tokens.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/multiple-active-access-tokens/'
'learn/api-security/oauth2/provisioning-out-of-band-oauth-clients.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/provisioning-out-of-band-oauth-clients/'
'learn/api-security/oauth2/securing-oauth-token-with-hmac-validation.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/securing-oauth-token-with-hmac-validation/'
'learn/api-security/threat-protection/bot-detection.md': 'https://apim.docs.wso2.com/en/4.4.0/design/api-security/threat-protection/bot-detection/'
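
Review bot: The added redirect key `learn/api-security/oauth2/multiple-active-access-tokens.md` maps an old path for a page that this same commit adds as a new file (`@@ -0,0 +1,23 @@`), so confirm that an earlier release actually published it under `learn/`. If it never did, drop the entry, since a redirect from a path that was never served only adds noise to the map.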