Is a Refresh token in OpenAM possible only by configuring OAuth2?

This topic contains 7 replies, has 2 voices, and was last updated by DhilipSwaminathan 2 days, 23 hours ago.

    #15719
    DhilipSwaminathan
    Participant

    Is a Refresh token in OpenAM possible only by configuring OAuth2?

    That has to be done by

    1. Registering an OAuth2 client
    2. Configuring the OAuth2 Provider in OpenAM authentication

    I am asking this question just to confirm before starting work on it.

    Thanks,
    Dhilip

    #15750
    Scott Heger
    Participant

    Refresh Tokens are an OAuth concept and are used only by the Authorization Code and Resource Owner Password Credentials grant flows and only if you have that option enabled in your OAuth2 Provider.

    Does that answer your question?

    #15753
    DhilipSwaminathan
    Participant

    Yes. So if I want to make use of a Refresh Token, the straightforward authentication through the OpenAM REST API won't help. Right? I need to enable the OAuth2 Provider in OpenAM. Right?

    #15764
    Scott Heger
    Participant

    Let’s take a step back. Are you using OAuth 2.0 right now? Based on your original question and subsequent response it is not clear that you are. Refresh Tokens would only come into play in an OAuth implementation and are only used to obtain a new Access Token which is ultimately what an OAuth client needs. Or are you authenticating directly to OpenAM, getting a session token and you are trying to refresh the session associated with that?

    #15766
    DhilipSwaminathan
    Participant

    What I am actually doing is:

    I have a mobile application which does straightforward authentication with OpenAM and gets a token.

    As the token expires in a couple of hours, I wish I could get a refresh token which I can use even after a month to refresh the token.

    So when I researched, I found OpenAM provides only a way to reset the idle time. To get a refresh token, I have to configure an OAuth2 provider, register a client….

    #15781
    DhilipSwaminathan
    Participant

    Hi Scott. If you can provide me some solution on understanding the above, that would be really helpful.

    #15782
    Scott Heger
    Participant

    Refresh tokens would not help you in this case. They are only for obtaining a new OAuth Access Token. They are not for refreshing an expired OpenAM session token. For mobile applications you generally don’t want to use OpenAM session tokens, but rather OAuth/OpenID Connect tokens. Check out the section on mobile applications in the admin guide. Here is the link to that section in the 13.5 admin guide: https://backstage.forgerock.com/docs/openam/13.5/admin-guide#chap-mobile
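
The refresh flow described in the reply above, as an added example that is not part of the original thread and not ForgeRock code: a client swaps a refresh token for a new access token at the token endpoint, stores a rotated refresh token if one comes back, and treats `invalid_grant` as the signal to sign in again. `TokenStore`, `fake_token_endpoint`, the host name, the public-client assumption and all token values are constructed for illustration; only the endpoint path comes from the thread.

```python
import time
from urllib.parse import urlencode, parse_qs

# Path is the one quoted in the thread; the host is a placeholder.
TOKEN_URL = "https://openam.example.com/openam/oauth2/access_token"

class TokenStore:
    """Hypothetical client-side holder for one OAuth 2.0 token pair."""
    def __init__(self, access_token, refresh_token, expires_in, now=time.time):
        self._now = now
        self.refresh_token = refresh_token
        self._set(access_token, expires_in)

    def _set(self, access_token, expires_in):
        self.access_token = access_token
        # Refresh 30 s early so a token never expires in flight.
        self.expires_at = self._now() + int(expires_in) - 30

    def build_refresh_request(self, client_id):
        # RFC 6749 section 6 request; assumes a public client (no secret).
        form = {"grant_type": "refresh_token",
                "refresh_token": self.refresh_token, "client_id": client_id}
        return TOKEN_URL, urlencode(form)

    def apply_response(self, status, body):
        if status != 200:
            if body.get("error") == "invalid_grant":
                # Refresh token expired or revoked: forget it, force a new login.
                self.access_token = self.refresh_token = None
                raise PermissionError("refresh token rejected, sign in again")
            raise RuntimeError("token endpoint error: %s" % body.get("error"))
        self._set(body["access_token"], body["expires_in"])
        # The provider may rotate the refresh token; keep the old one otherwise.
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def get_access_token(self, client_id, send):
        # send(url, form) -> (status, json_dict) is the HTTP POST, injected.
        if self.refresh_token is None:
            raise PermissionError("no refresh token, sign in again")
        if self._now() >= self.expires_at:
            self.apply_response(*send(*self.build_refresh_request(client_id)))
        return self.access_token

def fake_token_endpoint(url, form):
    """Constructed stand-in for the provider; accepts only refresh token rt-1."""
    p = parse_qs(form)
    if p.get("grant_type") == ["refresh_token"] and p.get("refresh_token") == ["rt-1"]:
        return 200, {"access_token": "at-2", "refresh_token": "rt-2", "expires_in": 3600}
    return 400, {"error": "invalid_grant"}
```

In a real client, `send` would be an HTTPS POST with `Content-Type: application/x-www-form-urlencoded`, and the refresh token would live in the platform's secure storage rather than in memory.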

    #15846
    DhilipSwaminathan
    Participant

    “Refresh tokens would not help you in this case. They are only for obtaining a new OAuth Access Token.”

    – I am good with getting a new token with the help of a refresh token because I don't want the user to enter credentials again and again.

    “For mobile applications you generally don’t want to use OpenAM session tokens, but rather OAuth/OpenID Connect tokens.”

    – Nice feature. Will try to implement it for the next project.

    I have one more question. After getting an OAuth2 token through the API “openam/oauth2/access_token”,
    I am unable to read or update my identities. If I am not wrong, I have to make some configuration in OAuth2 Scope Handling. Correct me if I am wrong.
