Hi Prayag,

By design, when using self-contained (JWT) access tokens, WSO2 IS issues a new access token [1]. The reason for this is that the IS does not store self-contained access tokens. If you are using the self-contained access tokens to retrieve any claims, you can use the default token issuer (get an opaque string access token) and achieve this using the id_token. However, if you want to use JWT access tokens, you can still achieve this by writing a custom OAuth Token Generator [2] by referring to the JWTTokenIssuer class [3].

[1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.0.53/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L152
[2] - https://docs.wso2.com/display/IS570/Extension+Points+for+OAuth#ExtensionPointsforOAuth-OAuthTokenGenerator
[3] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.0.53/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java

Best Regards,
Janak

On Mon, Aug 5, 2019 at 11:27 AM prayag pavithran <[email protected]> wrote:

> Thanks Piraveena for the suggestion, RenewTokenPerRequest functionality
> is not enabled and also access token expiry time is set to 3600 seconds.
>
> Thanks & Regards,
> Prayag Pavithran
> ------------------------------
> *From:* Piraveena Paralogarajah <[email protected]>
> *Sent:* Friday, August 2, 2019 7:43 PM
> *To:* prayag pavithran
> *Cc:* [email protected]; Janak Amarasena
> *Subject:* Re: [Dev] WSO2 Identity server,multiple token requests issue
>
> Hi Prayag,
>
> We have a feature called Issuing New Tokens Per Request from IS 5.7.0
> (WumUpdate) onwards. In this feature, the access token and the refresh
> token will be renewed for each token request. For that, you have to enable
> the configuration <RenewTokenPerRequest>. Please check whether it is
> enabled or not. You can use this documentation
> <https://docs.wso2.com/display/IS570/Issuing+New+Tokens+Per+Request>. But
> if this feature is enabled, then in the idn_oauth2_access_token_audit table,
> the state will be set as "REVOKED".
>
> If this is not enabled, you can check the expiration time of access
> tokens. Sometimes, you may have configured a small value as the expiration
> time. You can check the expiration time in the management console under
> Main>Service Providers>Inbound Authentication Configuration> OAuth2/OpenID
> Connect Configuration.
>
> Thanks,
> Piraveena
>
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* [email protected]
>
> On Fri, Aug 2, 2019 at 10:24 AM Janak Amarasena <[email protected]> wrote:
>
> Hi Prayag,
>
> Are you using jwt access tokens?
>
> Best Regards,
> Janak
>
> On Wed, Jul 31, 2019 at 6:28 PM prayag pavithran <[email protected]> wrote:
>
> Hi All,
>
> We've integrated WSO2 Identity Server 5.7.0 with an Angular application
> using OIDC client JS.
>
> Whenever multiple requests for a token are sent from the same client,
> identity server is returning a new token every time and setting the previous
> token state as "EXPIRED" in the idn_oauth2_access_token_audit table.
>
> Can you please let me know how to configure WSO2 IS to return the same
> access token if it already exists and is not expired, if multiple requests for
> a token are sent from the same client.
>
> Thanks & Regards,
> Prayag Pavithran
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> *Janak Amarasena* | Software Engineer | WSO2 Inc.
> (m) +94777764144 | (w) +94112145345 | (e) [email protected]
>
> <https://wso2.com/signature>

--
*Janak Amarasena* | Software Engineer | WSO2 Inc.
(m) +94777764144 | (w) +94112145345 | (e) [email protected]
<https://wso2.com/signature>
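
A simplified model of the behaviour discussed in this thread, added here as an illustration and not WSO2 Identity Server code: an opaque-token issuer can hand back the stored active token for the same client, user and scope, while a self-contained JWT issuer keeps no record and therefore signs a fresh token on every request. The class names, the store layout and the HS256 demo key are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = b"constructed-demo-key"  # constructed value, not a real key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class OpaqueIssuer:
    """Reference-token model: the server keeps every token it issues."""

    def __init__(self):
        self.store = {}  # (client, user, scope) -> (token, expiry)

    def issue(self, client, user, scope, ttl=3600, now=None):
        now = time.time() if now is None else now
        existing = self.store.get((client, user, scope))
        if existing and existing[1] > now:
            return existing[0]  # still active: return the same token
        token = secrets.token_hex(16)
        self.store[(client, user, scope)] = (token, now + ttl)
        return token


class JwtIssuer:
    """Self-contained model: nothing is stored, so nothing can be reused."""

    def issue(self, client, user, scope, ttl=3600, now=None):
        now = int(time.time() if now is None else now)
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = {"sub": user, "aud": client, "scope": scope,
                  "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
        body = _b64(json.dumps(claims).encode())
        sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256)
        return f"{header}.{body}.{_b64(sig.digest())}"


def verify_jwt(token, now=None):
    """Validate from the token alone (signature and exp), with no lookup."""
    now = time.time() if now is None else now
    header, body, sig = token.split(".")
    expected = _b64(hmac.new(SIGNING_KEY, f"{header}.{body}".encode(),
                             hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims if claims["exp"] > now else None
```

Because the JWT model validates tokens without any server-side record, earlier tokens stay valid until their `exp` unless revocation is tracked separately.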
