Posted Jun 14 by Pete Oliver.
Updated Jun 15.


Adjusting OAuth 2.0 Token Life Times and Revoking Tokens with OTDS 16

This article details how to configure OTDS 16 (and OTDS 10.5 Patch 6 and onwards) with customized Access Token and Refresh Token life times. It also shows how to revoke a user's OAuth 2.0 tokens.

Prerequisites

  • OTDS 16 (or 10.5 Patch 6 or later). You can download it from the OpenText Knowledge Centre.

Install and Configure OTDS

Refer to the OTDS documentation for details on installation and basic configuration.

This article will assume that your OTDS host address is http://localhost:8080.

Out of the box, OTDS requires additional configuration to enable OAuth 2.0 authentication. A useful guide may be found here.

OTDS REST API

OTDS provides a RESTful API for all administrative operations. OTDS 16 does not include OAuth 2.0 operations as part of its regular administration user interface, so this guide shows you how to use the RESTful API to access and modify the token life time settings. The only tool you will need for this is a modern web browser.

OTDS includes a full Swagger interface to the REST API. To access it, launch your browser against http://localhost:8080/otdsws/rest. You will need to sign in with your OTDS Administrator Credentials. Once logged in, you will see something resembling this:

OTDS Swagger Interface

Life Time Settings are per User Partition

OTDS allows different values for token life times, which are set at the level of the User Partition.

Determine the Current Values for OAuth 2.0 Token Life Times

Expand the partitions section, then the section entitled GET /partitions/{partition_name}/oauthsettings, or enter this link into your browser:

http://localhost:8080/otdsws/api/index.html?rest#!/partitions/getOAuthSettings_get_3

Enter a value for partition_name and click Try it out!:

OAuth 2.0 Token Life Time Current Settings

In this example, the Response Body shows null values for both the access token and authorization code life times. When either of these values shows null, the following defaults apply:

+---------------------+----------------+
| Parameter           | Time (Seconds) |
+---------------------+----------------+
| accessTokenLifeTime | 3600           |
| authCodeLifeTime    | 300            |
+---------------------+----------------+

Authorization Code Life Time (authCodeLifeTime)

The Authorization Code is specified by RFC 6749 Section 4.1 Authorization Code Grant. You probably don't need to change its life time from the default of five minutes.

Access Token Life Time (accessTokenLifeTime)

The Access Token is specified by RFC 6749. In OTDS its default life time is 60 minutes. You can change its value using the Swagger UI.

Navigate to the partitions section, and expand the section entitled PUT /partitions/{partition_name}/oauthsettings:

Update OAuth 2.0 Token Lifetime Settings

The following example shows how to set the Access Token life time to 30 minutes (1,800 seconds); adjust as required for your installation.

Into the body section, enter the following:

{ "accessTokenLifeTime":1800 }

and click on Try it out!:

Update OAuth 2.0 Access Token Lifetime Setting

A Response Code of 204 indicates the setting change was successful.

Revoking a User's OAuth Tokens

A user's OAuth 2.0 tokens can be revoked, which is something you should do if you think the user's account or tokens have been compromised or leaked. With OTDS 16, the REST API can be used to do this.

Navigate in the Swagger UI to users then DELETE /users/{user_id}/oauthtokens:

Enter the user_id and click on Try it out!. A response status of 204 indicates success:

Revoking a User's OAuth 2.0 Tokens
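
The same three operations can be scripted instead of clicked through in Swagger. The following is an added example, not code from the original article or from OpenText: the class name OtdsOAuthAdmin is hypothetical, the REST base path http://localhost:8080/otdsws/rest is assumed from the Swagger address above, and the headers of an authenticated administrator session must be supplied by the caller because the article only covers signing in through the browser.

```python
import json
import urllib.request
from urllib.parse import quote

BASE = "http://localhost:8080/otdsws/rest"  # article's host; REST base path is assumed
DEFAULTS = {"accessTokenLifeTime": 3600, "authCodeLifeTime": 300}  # applied when null


class OtdsOAuthAdmin:
    """Hypothetical helper around the three endpoints used in the article."""

    def __init__(self, auth_headers, base=BASE, send=None):
        self.auth_headers = dict(auth_headers)  # admin session headers, caller-supplied
        self.base = base.rstrip("/")
        self.send = send or self._http  # transport is injectable for offline testing

    @staticmethod
    def _http(req):
        # urlopen raises HTTPError on 4xx/5xx, so failures are never silent
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()

    def _call(self, method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        headers = dict(self.auth_headers)
        if data is not None:
            headers["Content-Type"] = "application/json"
        req = urllib.request.Request(self.base + path, data=data, headers=headers, method=method)
        return self.send(req)

    def effective_lifetimes(self, partition):
        """GET the settings and replace null values with the documented defaults."""
        _, raw = self._call("GET", f"/partitions/{quote(partition, safe='')}/oauthsettings")
        current = json.loads(raw)
        return {k: d if current.get(k) is None else current[k] for k, d in DEFAULTS.items()}

    def set_access_token_lifetime(self, partition, seconds):
        if type(seconds) is not int or seconds <= 0:
            raise ValueError("accessTokenLifeTime must be a positive number of seconds")
        path = f"/partitions/{quote(partition, safe='')}/oauthsettings"
        status, _ = self._call("PUT", path, {"accessTokenLifeTime": seconds})
        return status == 204  # 204 = change accepted

    def revoke_tokens(self, user_id):
        # Percent-encode the id so characters such as '@' or '/' cannot alter the path
        status, _ = self._call("DELETE", f"/users/{quote(user_id, safe='')}/oauthtokens")
        return status == 204  # 204 = tokens revoked
```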

About the Author

Pete Oliver is a long standing employee of OpenText, occupying the position of Senior Software Architect. Pete has worked on various OpenText products and platforms, including ECM Collaboration, OpenText Directory Services (OTDS), AppWorks Developer, and more recently AppWorks Mobile.

