How to change the Access token lifetime in OpenAM 12

Tagged: , , ,

This topic has 3 replies, 3 voices, and was last updated 1 year, 10 months ago by Andy Cory.

  • Author
  • #23289

    Hi All,

    How can I change the access token lifetime from default 60s in OpenAM 12? I couldn’t figure out the corresponding configurations. Appreciate if someone could help me to do the necessary changes?



    Hi all,

    I found a config in OAuth2Provider.xml and changed it as below, but seems it’s not reflecting. AM I missing anything or it’s a bug in openAM 12 ?
    <AttributeSchema name=”forgerock-oauth2-provider-access-token-lifetime”
    syntax=”number_range” rangeStart=”0″ rangeEnd=”2147483647″


     William Hepler

    You may want to consider this topic as well that discussed why you may not want to extend the time to great.

    Related Forum post

    That should be the setting, how are you checking if it’s reflected? I don’t believe this would change any old Tokens as they are bearer tokens and exist with it’s settings already set. Are you checking if new tokens have the updated lifetime?

     Andy Cory

    I don’t have an OpenAM 12 to hand, but surely there is a UI control in the admin console that controls this value for the OAuth2 provider service? I can’t imagine changing the service XML descriptor is the best way to achieve this.

    As William says, tokens that have already been generated will have a lifetime of whatever the value was when they are created, stored against the token in the CTS store.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?