Multi Token Support
Multi Token Support generates multiple tokens for a customer, ensuring that no disruption occurs when connecting to a tenant.
Understanding Multi Token Support
Reltio Auth helps customers get access tokens for their tenants. These tokens are issued using client_credentials as the grant type, that is, for machine-to-machine requests or authentication requests coming through the APIs. Multi Token Support applies to the client_credentials grant type. It is not supported for other grant types such as Password or Authorization code.
Each access token issued by Reltio comes with a validity period that is set at the time of issue. Subsequently, whenever the customer requests an access token, the same token is re-issued as long as it is valid and active. When the token expires, the customer may face disruption in accessing their tenant.
For example, a customer requests a token at 10:00:00 a.m. A token is issued at 10:00:01 with a validity period of 3600 seconds, or 60 minutes. The customer requests a token again at 10:50:00 a.m. Since the token issued earlier is still valid for 10 more minutes, the same token is issued to the customer. At 11:00:02 a.m., the customer tries to access data and gets an error stating that the token has expired.
The Multi Token support feature helps in solving this problem. A new token is issued every time a request is made, even if active tokens issued for the same grant type exist for the same customer. The validity of each new token starts from the time it is issued.
maxActiveTokensAllowed parameter. When the customer makes a request, Reltio checks the allocated quota. If the number of tokens exceeds the specified limit, Reltio declines the request, stating that the limit has been exceeded. The customer must then wait for one of the valid tokens to expire before requesting a new token. Alternatively, the customer can increase the quota limit as required.
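The following Python model is an added illustration, not Reltio code: it replays the 10:00 / 10:50 / 11:00:02 timeline above in the default single-token mode and with a multi-token quota. The class and function names are hypothetical, and it assumes a request is declined once the number of active tokens equals maxActiveTokensAllowed.

```python
# Added illustration: toy model of the issuing policy; all names are hypothetical.
import itertools


class QuotaExceeded(Exception):
    """Raised when the active-token count has reached maxActiveTokensAllowed."""


class TokenIssuer:
    def __init__(self, validity=3600, max_active_tokens_allowed=None):
        # max_active_tokens_allowed=None models the default single-token mode.
        self.validity = validity
        self.max_active = max_active_tokens_allowed
        self.tokens = {}  # token id -> expiry time (seconds since midnight)
        self._ids = itertools.count(1)

    def _active(self, now):
        # Drop expired tokens so they stop counting against the quota.
        self.tokens = {t: exp for t, exp in self.tokens.items() if exp > now}
        return self.tokens

    def request_token(self, now):
        active = self._active(now)
        if self.max_active is None:
            if active:  # single-token mode: re-issue the still-valid token
                return next(iter(active.items()))
        elif len(active) >= self.max_active:
            # Assumption: decline once the active count equals the limit.
            raise QuotaExceeded("limit of %d active tokens reached" % self.max_active)
        token = "tok-%d" % next(self._ids)
        self.tokens[token] = now + self.validity  # validity starts at issue time
        return token, self.tokens[token]

    def is_valid(self, token, now):
        return self.tokens.get(token, 0) > now


def hms(h, m, s=0):
    return h * 3600 + m * 60 + s


def scenario(issuer):
    """Replay the page's timeline; is the token obtained at 10:50 valid at 11:00:02?"""
    issuer.request_token(hms(10, 0, 1))
    token, _ = issuer.request_token(hms(10, 50))
    return issuer.is_valid(token, hms(11, 0, 2))


print(scenario(TokenIssuer()), scenario(TokenIssuer(max_active_tokens_allowed=5)))  # False True
```

In the quota case, a client that receives the "limit exceeded" response should keep using a token it already holds rather than retrying the request in a loop.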
Configuring Multi Token Support
This section details the different configurations that must be done to enable the Multi Token Support feature.
Customer entity
Customers can activate this feature by updating the customer configuration with multitokenConfig as shown below:
API: [PUT] /oauth/customers/[customerId]
API: [POST] /oauth/customers/[customerid]
Sample Request Body:
{
  "id": "Customer",
  "tenants": [
    "mttenant"
  ],
  "externalProviderConfig": [],
  "description": "Existing customer",
  "caseSensitiveLoginEnabled": true,
  "applicationClients": ["mtclient"],
  "customerSpecificRoles": [
    "ROLE_MULTITOKEN_TEST"
  ],
  "multitokenConfig": {
    "clientCredentialsMultiTokenConfig": {
      "maxActiveTokensAllowed": 5
    }
  }
}
Access token validity
To configure the validity of access tokens for new and existing customers, the accessTokenValidity attribute must be set on the Client object as shown below:
API: [POST] {{oauth_uri}}/oauth/clients
Sample Request Body:
[{
  "clientId": "mtclient",
  "scope": ["clients_api", "configuration_api", "entities_api", "graphs_api", "groups_api", "interactions_api", "relations_api", "users_api"],
  "authorities": ["ROLE_API"],
  "resourceIds": ["reltio_api"],
  "authorizedGrantTypes": ["password", "refresh_token", "client_credentials"],
  "redirectUri": ["http://localhost"],
  "clientSecret": "mtclient",
  "accessTokenValidity": 3600,
  "refreshTokenValidity": 3600
}]