Tagged: OpenAm Refresh Token
February 9, 2017 at 4:26 am #15719
Is a refresh token in OpenAM possible only by configuring OAuth2?
That has to be done by
1. Registering an OAuth2 client
2. Configuring the OAuth2 Provider in OpenAM authentication
I am asking this question just to confirm before I start working on it.
Dhilip
February 9, 2017 at 7:36 pm #15750
Refresh Tokens are an OAuth concept and are used only by the Authorization Code and Resource Owner Password Credentials grant flows and only if you have that option enabled in your OAuth2 Provider.
Does that answer your question?
February 10, 2017 at 5:58 am #15753
Yes. So if I want to make use of a refresh token, the straightforward authentication through the OpenAM REST API won't help, right? I need to enable the OAuth2 Provider in OpenAM, right?
February 10, 2017 at 4:26 pm #15764
Let’s take a step back. Are you using OAuth 2.0 right now? Based on your original question and subsequent response it is not clear that you are. Refresh Tokens would only come into play in an OAuth implementation and are only used to obtain a new Access Token which is ultimately what an OAuth client needs. Or are you authenticating directly to OpenAM, getting a session token and you are trying to refresh the session associated with that?
February 10, 2017 at 7:48 pm #15766
What I am actually doing is:
I have a mobile application which does straightforward authentication with OpenAM and gets a token.
As the token expires in a couple of hours, I would like to get a refresh token which I can use even after a month to refresh the token.
So when I researched, I found OpenAM provides only a way to reset the idle time. To get a refresh token, I have to configure the OAuth2 provider, register a client….
February 14, 2017 at 3:13 am #15781
Hi Scott. If you can provide me some solution on understanding the above, that would be really helpful.
February 14, 2017 at 5:25 am #15782
Refresh tokens would not help you in this case. They are only for obtaining a new OAuth Access Token. They are not for refreshing an expired OpenAM session token. For mobile applications you generally don’t want to use OpenAM session tokens, but rather OAuth/OpenID Connect tokens. Check out the section on mobile applications in the admin guide. Here is the link to that section in the 13.5 admin guide: https://backstage.forgerock.com/docs/openam/13.5/admin-guide#chap-mobile
February 17, 2017 at 7:48 am #15846
“Refresh tokens would not help you in this case. They are only for obtaining a new OAuth Access Token.”
– I am good with getting a new token with the help of a refresh token because I don't want the user to enter credentials again and again.
“For mobile applications you generally don’t want to use OpenAM session tokens, but rather OAuth/OpenID Connect tokens.”
– Nice feature. Will try to implement it for the next project.
I have one more question. After getting an OAuth2 token through the API “openam/oauth2/access_token”, I am unable to read or update my identities. If I am not wrong, I have to make some configuration in OAuth2 Scope Handling. Correct me if I am wrong.
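The refresh-token grant discussed in this thread, shown as an added example that is not part of the original posts or of OpenAM's own code: a client-side token store that decides when to renew, builds the `grant_type=refresh_token` request for the `oauth2/access_token` endpoint (RFC 6749 section 6), and handles rotation and a rejected refresh token. The host name, the client credentials, the confidential-client HTTP Basic authentication and the sample replies are assumptions constructed for illustration.

```python
import base64
import time
from urllib.parse import urlencode

# Assumed host; the path is the endpoint quoted in the thread.
TOKEN_URL = "https://openam.example.com/openam/oauth2/access_token"
# Constructed token endpoint replies (not captured from a real server).
SAMPLE_OK = {"access_token": "at-1", "refresh_token": "rt-1", "expires_in": 3600}
SAMPLE_REJECTED = {"error": "invalid_grant"}


class TokenStore:
    """Holds one token pair and renews it with the refresh_token grant."""

    def __init__(self, client_id, client_secret, skew=30):
        self.client_id, self.client_secret, self.skew = client_id, client_secret, skew
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def needs_refresh(self, now=None):
        # Renew slightly early so a request never carries an expired token.
        now = time.time() if now is None else now
        return now >= self.expires_at - self.skew

    def build_refresh_request(self):
        """Return (url, headers, body) for the refresh call; nothing is sent."""
        if not self.refresh_token:
            raise RuntimeError("no refresh token: the user must sign in again")
        creds = f"{self.client_id}:{self.client_secret}".encode()
        headers = {"Authorization": "Basic " + base64.b64encode(creds).decode(),
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "refresh_token",
                          "refresh_token": self.refresh_token})
        return TOKEN_URL, headers, body

    def apply_response(self, status, payload, now=None):
        """Update state from a token endpoint reply; True if tokens were renewed."""
        now = time.time() if now is None else now
        if status != 200:
            if payload.get("error") == "invalid_grant":
                # Refresh token expired or revoked: drop both, force a new login.
                self.access_token = self.refresh_token = None
                self.expires_at = 0.0
            return False
        self.access_token = payload["access_token"]
        self.expires_at = now + int(payload.get("expires_in", 0))
        # Servers may rotate the refresh token; keep the old one otherwise.
        self.refresh_token = payload.get("refresh_token", self.refresh_token)
        return True
```

On a device, the refresh token belongs in the platform's secure storage, since it stays valid far longer than the access token it renews.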