Accessing Token Persistence

The OAuth server uses ActiveSpaces as its caching and persistence layer. Access tokens are persisted either in a database or in memory. Use the database in production systems to store access tokens. If you choose in-memory storage, the access tokens are lost whenever the OAuth server goes down.

To use ActiveSpaces for access token persistence, follow these steps:

Procedure

  1. Start the Config UI, if not running.
  2. Log in to the Config UI using your credentials.
  3. On the home page of the Config UI, select the Gateway Engine Properties from the drop-down list.
  4. Click the Security link.
  5. Set the OAuth Metaspace properties as explained in the OAuth Data Space.
  6. Save the changes.

    You can set the following properties for the OAuth Data Space in the ASG_CONFIG_HOME/asg.properties file:

    Properties for Access Token Persistence

    tibco.clientVar.oauth.dataspace.metaspace.name
      Specifies the metaspace name used by the OAuth server. The default value is ASG-OAuth-Tokens.

    tibco.clientVar.oauth.dataspace.local.discovery
      Specifies the discovery URL through which this OAuth instance of the metaspace discovers the current metaspace members.
      For example, tcp://machine1_IP_Address:6300;machine2_IP_Address:6300

    tibco.clientVar.oauth.dataspace.local.listen
      Specifies the listening URL for this OAuth instance of the metaspace.
      For example, tcp://machine1_IP_Address:6300

    tibco.clientVar.oauth.dataspace.load.batch.size
      Specifies the maximum number of entries to return when querying data such as an access token.

    tibco.clientVar.oauth.dataspace.persister.store
      Defines the type of persistence store. The possible values are:
      • InMemory
      • Database
      If Database is set, also define the properties for the database server connection.

    Properties for OAuth Server Persister Store of Database Type

    tibco.clientVar.oauth.dataspace.persister.jdbc.driver
      Specifies the database JDBC driver when the database is used as the OAuth persistence store.

    tibco.clientVar.oauth.dataspace.persister.jdbc.url
      Specifies the JDBC URL of the database server when the database is used as the OAuth persistence store.

    tibco.clientVar.oauth.dataspace.persister.jdbc.username
      Specifies the user that connects to the database server when the database is used as the OAuth persistence store.

    tibco.clientVar.oauth.dataspace.persister.jdbc.password
      Specifies the password of the user that connects to the database server when the database is used as the OAuth persistence store.

    tibco.clientVar.oauth.access.token.retention.period
      Specifies the expiration time (in minutes) for an access token. The default value is 60 minutes. When an access token passes the expiration time specified by this property, it is no longer valid but still remains in the database. The token is removed from the database based on the value of the tibco.clientVar.oauth.access.token.retention.time property.

    tibco.clientVar.oauth.access.token.retention.time
      Specifies the retention period (in minutes) for an access token. The default value is 1440 minutes (1 day). When an access token passes the retention period specified by this property, it is removed from the database.

    • The value of the tibco.clientVar.oauth.access.token.retention.period property must be less than the value of the tibco.clientVar.oauth.access.token.retention.time property.
    • Note: In a multi-instance TIBCO API Exchange environment, if you change the TTL value on a gateway instance, shut down all instances that connect to that metaspace and then restart them.
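    The rules above (Database store in production, JDBC settings required when Database is set, tcp://host:port discovery and listen URLs, and retention.period less than retention.time) can be checked before an asg.properties change is rolled out. The checker below is an added example, not part of the TIBCO documentation or product; the property names are the ones listed above, while the sample hosts, credentials and JDBC driver in the embedded fragment are constructed placeholders.

```python
import re
# Constructed sample asg.properties fragment; hosts, credentials and the JDBC driver are placeholders.
SAMPLE_PROPERTIES = """\
tibco.clientVar.oauth.dataspace.metaspace.name=ASG-OAuth-Tokens
tibco.clientVar.oauth.dataspace.local.discovery=tcp://10.0.0.11:6300;10.0.0.12:6300
tibco.clientVar.oauth.dataspace.local.listen=tcp://10.0.0.11:6300
tibco.clientVar.oauth.dataspace.persister.store=Database
tibco.clientVar.oauth.dataspace.persister.jdbc.driver=org.postgresql.Driver
tibco.clientVar.oauth.dataspace.persister.jdbc.url=jdbc:postgresql://db.example.internal:5432/asg
tibco.clientVar.oauth.dataspace.persister.jdbc.username=asg_oauth
tibco.clientVar.oauth.dataspace.persister.jdbc.password=CHANGE_ME
tibco.clientVar.oauth.access.token.retention.period=60
tibco.clientVar.oauth.access.token.retention.time=1440
"""
PREFIX = "tibco.clientVar.oauth."
URL_RE = re.compile(r"^tcp://[^:;\s]+:\d+(;[^:;\s]+:\d+)*$")  # tcp://host:port[;host:port...]
def parse_properties(text):
    """Parse a Java-style .properties fragment into a dict; comment and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_oauth_dataspace(props):
    """Return the list of rule violations; an empty list means the fragment follows the documented rules."""
    findings = []
    store = props.get(PREFIX + "dataspace.persister.store", "")
    if store == "InMemory":
        findings.append("persister.store=InMemory: tokens are lost if the OAuth server goes down; use Database in production")
    elif store == "Database":
        for k in ("driver", "url", "username", "password"):
            if not props.get(f"{PREFIX}dataspace.persister.jdbc.{k}"):
                findings.append(f"persister.jdbc.{k} is required when persister.store=Database")
    else:
        findings.append(f"persister.store must be InMemory or Database, got {store!r}")
    for name in ("discovery", "listen"):
        val = props.get(f"{PREFIX}dataspace.local.{name}", "")
        if not URL_RE.match(val):
            findings.append(f"dataspace.local.{name} is not a tcp://host:port[;host:port] URL: {val!r}")
    try:  # defaults are the documented ones: 60 minutes and 1440 minutes
        period = int(props.get(PREFIX + "access.token.retention.period", "60"))
        retention = int(props.get(PREFIX + "access.token.retention.time", "1440"))
        if period >= retention:
            findings.append(f"retention.period ({period}) must be less than retention.time ({retention})")
    except ValueError:
        findings.append("retention.period and retention.time must be whole minutes")
    return findings
```

Run `check_oauth_dataspace(parse_properties(open("asg.properties").read()))` against the real file; any non-empty result is a setting to fix before restarting the gateway instances.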