Access Token Persistence

Copyright © Cloud Software Group, Inc. All Rights Reserved

Chapter 13 OAuth Server : Access Token Persistence

Access Token Persistence

The OAuth server uses ActiveSpaces as caching and persistence layer. The access tokens are persisted in the database or memory. Use the database in production systems to store the access tokens. If you choose the memory to store the access tokens, they are lost if the OAuth server goes down.

To use ActiveSpaces for access tokens persistence, follow these steps:

1.

Start the Config UI, if not running.

2.

Log in to the Config UI using your credentials.

3.

On the home page of the Config UI, select the Gateway Engine Properties from the drop-down list.

4.

Click the Security link.

5.

Set the OAuth Metaspace properties as explained in the OAuth Data Space.

6.

Save the changes.

You can set the following properties for OAuth Data Space in ASG_CONFIG_HOME/asg.properties file:

Table 129 Properties for Access Token Persistence

tibco.clientVar.oauth.dataspace.metaspace.name

•

Specifies the metaspace name used by the OAuth server.

•

The default value is ASG-OAuth-Tokens

tibco.clientVar.oauth.dataspace.local.discovery

Specifies the discovery URL for this OAuth instance of the metaspace discovers the current metaspace members.

For example, tcp://machine1_IP_Address:6300;machine2_IP_Address:6300

tibco.clientVar.oauth.dataspace.local.listen

Specifies the listening URL for this OAuth instance of the metaspace.

For example, tcp://machine1_IP_Address:6300

tibco.clientVar.oauth.dataspace.load.batch.size

Specifies the maximum number of entries to return when querying data such as an access token.

tibco.clientVar.oauth.dataspace.persister.store

•

Defines the type of persistence store. The possible values are:

−

InMemory

−

Database

If the Database is set, define the properties for database server connection.

Properties For OAuth Server Persister Store of Database Type

tibco.clientVar.oauth.dataspace.persister.jdbc.driver

Specifies the database jdbc driver when the database is used as OAuth persistence store.

tibco.clientVar.oauth.dataspace.persister.jdbc.url

Specifies the jdbc url for the database server when the database is used as OAuth persistence store.

tibco.clientVar.oauth.dataspace.persister.jdbc.username

Specifies the user to connect to the database server when the database is used as OAuth persistence store.

tibco.clientVar.oauth.dataspace.persister.jdbc.password

Specifies the password of the user to connect to the database server when the database is used as OAuth persistence store.

tibco.clientVar.oauth.access.token.retention.period

Specifies the expiration time (in minutes) for an access token. The default value is 60 minutes. When the access token passes expiration time as specified by this property, it is no longer valid but still remains in the database. The access token is removed from the database based on the value specified by the tibco.clientVar.oauth.access.token.space.ttl property.

tibco.clientVar.oauth.access.token.space.ttl

Specifies the retention period (in minutes) for an access token. The default value is 1440 minutes (1 day) . When the access token passes retention period as specified by this property, the token is removed from the database. By default, the access token is removed from the database after 1 day.

Note: In a multi-instance TIBCO API Exchange environment, if you change the TTL value on a gateway instance, shut down all instances that connect to that metaspace and then restart the instances.