Multi Token Support

Multi Token Support generates multiple tokens for a customer, ensuring that no disruption occurs when connecting to a tenant.

Understanding Multi Token Support

Reltio Auth helps customers get access tokens for their tenants. These tokens are issued using client_credentials as the grant type, which covers machine-to-machine requests or authentication requests coming through the APIs.

Note: This feature is supported only for the client_credentials grant type. It is not supported for other grant types such as Password or Authorization code.

Each access token issued by Reltio has a validity period that is set at the time of issue. Whenever the customer subsequently requests an access token, the same token is re-issued as long as it is valid and active. When the token expires, the customer may face disruption in accessing their tenant.

For example, a customer requests a token at 10:00:00 a.m. A token is issued at 10:00:01 a.m. with a validity period of 3600 seconds (60 minutes). The customer requests a token again at 10:50:00 a.m. Because the token issued earlier is still valid for 10 more minutes, the same token is issued to the customer. At 11:00:02 a.m., the customer tries to access data and gets an error stating that the token has expired.

The Multi Token Support feature solves this problem. A new token is issued every time a request is made, even if active tokens issued for the same grant type exist for the same customer. The validity of each new token starts from the time it is issued.

Important: You can limit the number of tokens that can be issued for a client. This limit is specified at the customer level and applies to all the clients associated with the customer. For example, if you have assigned 200 as the limit for Customer A, then all the clients associated with this customer - client A1, client A2, and so on - will individually be assigned the same limit. This limit can also be changed as per your requirement using the maxActiveTokensAllowed parameter.

When the customer makes a request, Reltio checks the allocated quota. If the number of tokens exceeds the specified limit, Reltio declines the request, stating that the limit has been exceeded. The customer must then wait for one of the valid tokens to expire before requesting a new token. Alternatively, the customer can increase the quota limit as required.

Note: The maximum limit that can be configured for active tokens is 200. This is a hard limit at the platform level and cannot be exceeded.
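The two issuance behaviours and the quota check described above, modelled in Python as an added example (not Reltio's code). The names TokenIssuer, Token, TokenLimitExceeded and hms are hypothetical, times are seconds since midnight, and an expired token is assumed to stop counting against maxActiveTokensAllowed.

```python
from dataclasses import dataclass, field
from itertools import count

PLATFORM_MAX_ACTIVE_TOKENS = 200  # hard platform limit stated on this page


class TokenLimitExceeded(Exception):
    """The client already holds maxActiveTokensAllowed unexpired tokens."""


@dataclass
class Token:
    value: str
    expires_at: int  # seconds since midnight

    def valid_at(self, now: int) -> bool:
        return now < self.expires_at


@dataclass
class TokenIssuer:
    """Toy model of client_credentials issuance for one client (hypothetical)."""
    validity: int = 3600          # accessTokenValidity, in seconds
    multi_token: bool = False     # False: re-issue the live token; True: always mint
    max_active: int = 5           # maxActiveTokensAllowed
    _tokens: list = field(default_factory=list)
    _seq: count = field(default_factory=lambda: count(1))

    def __post_init__(self):
        if not 1 <= self.max_active <= PLATFORM_MAX_ACTIVE_TOKENS:
            raise ValueError("maxActiveTokensAllowed must be between 1 and 200")

    def request(self, now: int) -> Token:
        # Assumption: expired tokens no longer count against the quota.
        self._tokens = [t for t in self._tokens if t.valid_at(now)]
        if not self.multi_token and self._tokens:
            return self._tokens[0]            # same token, original expiry
        if self.multi_token and len(self._tokens) >= self.max_active:
            raise TokenLimitExceeded(f"{len(self._tokens)} tokens already active")
        token = Token(f"tok-{next(self._seq)}", now + self.validity)
        self._tokens.append(token)
        return token


def hms(h: int, m: int, s: int) -> int:
    """Clock time as seconds since midnight."""
    return h * 3600 + m * 60 + s
```

Replaying the timeline from the example above: with multi_token=False the 10:50:00 request returns the token that expires at 11:00:01, while with multi_token=True it returns a new token valid until 11:50:00.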

Configuring Multi Token Support

This section details the different configurations that must be done to enable the Multi Token Support feature.

Customer entity

Customers can activate this feature by updating the customer configuration with multitokenConfig as shown below:

API: [PUT] /oauth/customers/[customerId]

API: [POST] /oauth/customers/[customerid]

Sample Request Body:

{
  "id": "Customer",
  "tenants": [
    "mttenant"
  ],
  "externalProviderConfig": [],
  "description": "Existing customer",
  "caseSensitiveLoginEnabled": true,
  "applicationClients": ["mtclient"],
  "customerSpecificRoles": [
    "ROLE_MULTITOKEN_TEST"
  ],
  "multitokenConfig": {
    "clientCredentialsMultiTokenConfig": {
      "maxActiveTokensAllowed": 5
    }
  }
}

Access token validity

To configure the validity of access tokens for new and existing customers, set the accessTokenValidity attribute on the Client object as shown below:

API: [POST] {{oauth_uri}}/oauth/clients

Sample Request Body:

[{
  "clientId": "mtclient",
  "scope": ["clients_api", "configuration_api", "entities_api", "graphs_api", "groups_api", "interactions_api", "relations_api", "users_api"],
  "authorities": ["ROLE_API"],
  "resourceIds": ["reltio_api"],
  "authorizedGrantTypes": ["password", "refresh_token", "client_credentials"],
  "redirectUri": ["http://localhost"],
  "clientSecret": "mtclient",
  "accessTokenValidity": 3600,
  "refreshTokenValidity": 3600
}]