UUID format for ≤60-minute authentication tokens - Apr 2024
Learn about the use of JWT for access tokens with an expiration of 60 minutes or less.
As part of our continuous effort to improve the security, availability, and efficiency of the Reltio Connected Data Platform, we are updating our authentication scheme to exclusively use JSON Web Tokens (JWT) for access tokens that expire within 60 minutes. Effective from April 9, 2024, the Authentication service will respond to API token requests in the JWT format.
What are we deprecating?
For all users and clients configured with a token expiration period of 60 minutes or less, we are deprecating the Universally Unique Identifier (UUID) access token format. Instead, the Authentication service will provide access tokens in the JWT format. We are not changing how you request access tokens; we are only changing the format of the response.
Why are we deprecating it?
JWT enables our platform's microservices to operate with far fewer calls to the Authentication service. This will reduce latency by up to 50 ms for most user-facing Reltio API calls. Additionally, reducing reliance on the authentication service improves the platform's overall availability.
When are we deprecating it?
Starting April 9, 2024, we are gradually switching the authentication tokens to JWT tokens across all customers.
What does this mean to you?
Most customers will see no impact from this change and will not need to take any action, including customers who use Reltio APIs via Postman. However, if you consume the Reltio Authentication service with a custom-coded parser that extracts the current token from the authentication request, you will need to change your parsing logic to accommodate JWT tokens, which are longer than our current tokens.
- Before - UUID access token
{ "access_token": "xxxxx-xxxx-xxx-xxx-xxxx", "token_type": "bearer", "refresh_token": "xxxxx-xxxx-xxx-xxx-xxxx", "expires_in": 3598, "scope": "entities_api graphs_api interactions_api relations_api " }
- After - JWT access token
{ "access_token": "s.AAAApCi1L_0gpC0EALJIHR9gtc4YCK5QDQMndHHZ6JEtSuAIK6RUrP_4GmAIguUCkznECazMCRSkOaMde7T-MORJFOgSp731Bs9bBvPYUqDT1nE0jmFGe6fWl6XwLq3H6fAu1zlntUdXe8B6AmqKiEDBaUAiChkjAOO8T-tQlCQ0vDdXAQQAi0wSkRr8yyz5NZ8.HzCVd5EXWmKgs1nWbRnXCWMBpidCChPunOKAw02lnH9q3y0LNsIwYSmxhxK4eb3Mf7LM70edWZ1dbHxAR3crWb-uIOcDWf6UdGJuqna2wz5S0FbED6ijmd9bdXqhJ5gCIIDkMcy5VpUVoeVsn_DDOfbRMsrWWVuOaoP3BvRy-BtvWwsrnEwEAfg_G5aEGcBhu4WkKPC2VCejC2rQw8A__nFkEWK3oUDDJEp_75_uvwfY5Y965ubyqNKAdRZF9orjh1ZdkJCPJ1IaacAytGQ6mPzv8il4r9NrFsnCfOZ-52oPY9Qxi-ccffasd-w", "token_type": "bearer", "refresh_token": "xxxxx-xxxx-xxx-xxx-xxxx", "expires_in": 3598, "scope": "entities_api graphs_api interactions_api relations_api" }
What action do you need to take?
- For users of custom parsers
- If you rely on a custom-coded parser for token authentication, we strongly recommend you change to a standard JSON parser, for example google.gson or python.json. Let us know if you want to discuss your specific scenario or need a hand changing your client's configuration to adopt the JWT format. For more information, see topic Reltio Support.
- For custom implementations that depend on token size or format
- If your custom implementation depends on the size of the token or restricts it in some way, by length or format, it may not be compatible with the new JWT token format. Tokens in the new format can be up to 3Kb in size (3,000 characters long) and are no longer in UUID format.
- Token expiration settings
- If your client's token expiration period is set to more than 60 minutes, consider reconfiguring it to 60 minutes or less to use JWT. You set the expiration period with the accessTokenValidity parameter in your client configuration; see topic Create a customer client.
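The two parser recommendations above, shown side by side as an added example (not Reltio code): a hand-rolled extractor that assumes a 36-character UUID silently returns nothing for the longer token, while a standard JSON parser that treats the token as an opaque string handles both. The token values, `sample_response`, `brittle_extract` and `parse_token_response` are constructed for illustration.

```python
import json
import re

# Constructed sample values; placeholders, not real tokens.
UUID_TOKEN = "0f8fad5b-d9cb-469f-a165-70867728950e"
JWT_STYLE_TOKEN = "s." + "A" * 400 + "." + "b-_9" * 500  # 2403 characters

def sample_response(token):
    """Build a token response shaped like the ones shown on this page."""
    return json.dumps({"access_token": token, "token_type": "bearer",
                       "refresh_token": UUID_TOKEN, "expires_in": 3598,
                       "scope": "entities_api graphs_api"})

# Brittle: custom extraction that bakes in the UUID length and alphabet.
UUID_ONLY = re.compile(r'"access_token":\s*"([0-9a-fA-F-]{36})"')

def brittle_extract(body):
    match = UUID_ONLY.search(body)
    return match.group(1) if match else None

# Robust: standard JSON parser; no assumption about token length or format.
def parse_token_response(body):
    data = json.loads(body)
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token string")
    # Only guard against characters that would corrupt an HTTP header.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in token):
        raise ValueError("access_token contains characters unsafe for a header")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"authorization": "Bearer " + token,
            "expires_in": int(data["expires_in"])}

if __name__ == "__main__":
    for tok in (UUID_TOKEN, JWT_STYLE_TOKEN):
        body = sample_response(tok)
        parsed = parse_token_response(body)
        print(len(tok), "brittle parser found token:",
              brittle_extract(body) is not None,
              "| header length:", len(parsed["authorization"]))
```

Any storage column, cache key or log field that holds the token needs the same review, since a limit sized for a 36-character UUID will truncate or reject the longer value.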
Still have questions?
Contact Reltio Support and we'll discuss your specific scenario. For more information, see topic Reltio Support.