0

How to create OAuth2 Opaque (Reference) Access Tokens in apimanager 410? I followed [link], but cannot find the OAUTH token type when we create applications.

I want to create this application because of the issue [link]. If the same token is sent every time we call the token API, this will work for us. Our tests need to get the token first and use it from there. There can be different APIs calling at different times and this will expire the first token.


2 Answers

3

There is a lengthy manual method that lets you create opaque tokens in APIM 4.1.0, but our recommendation is to proceed with the JWT token-based applications. This will reduce the load at the gateway with token validation which is a huge performance gain. Even if you used the same clientID, or secret Pair, you can change the scopes set with a device scope and I believe this should give you the ability to create multiple tokens at the same time.

Having said that, you can create an opaque token with the approach below, but this will remove the user experience provided in the devportal and you have to use the carbon console (https://localhost:9443/carbon) if you need to change your application.

  1. Log in to the admin portal (https://localhost:9443/admin)
  2. Open Key managers --> resident key manager (or whatever key manager you have) --> and select Out Of Band Provisioning and save.
  3. Log in to the carbon console (https://localhost:9443/carbon)
  4. Register a service provider.
  5. Under Inbound authentication config, select OAuth/OpenID connect configurations and configure an OAuth Application.
  6. Add your application details from here as you prefer with the listed grant types and create an application.
  7. Make sure to select the token issuer and default. This is where you select whether the token type is JWT or Opaque.
  8. Once you save it, you can find the client ID secret pair in here.
  9. Log in to devportal (https://localhost:9443/devportal)
  10. Create an application.
  11. Under the production Keys section, now you can see a new option enabled as provide existing OAuth keys.
  12. Add the consumer key secret pair you created in step 8.
  13. Now you have created an application that generates opaque tokens.
Lakshitha
  • Added same content as a StackOverflow article and added some more information on architecture and what we are doing here. https://stackoverflow.com/collectives/wso2/articles/75285199/how-to-create-an-application-that-generate-opaque-token-in-wso2-apim-manager-4-x – Lakshitha Jan 30 '23 at 13:38
  • The device token approach worked. I will try the opaque token creation steps. – Bilal Ahmed Jan 30 '23 at 18:02
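
A check for steps 7 and 13 above, added here as an example and not part of either answer: it inspects a token endpoint response and reports whether the issued access token is a self-contained JWT or an opaque reference token. The sample tokens and responses are constructed, and the function names are hypothetical.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment to a JSON object, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def token_format(access_token):
    """Return 'jwt' for a self-contained token, 'opaque' for a reference token."""
    parts = access_token.split(".")
    if len(parts) == 3:
        header = _b64url_json(parts[0])
        payload = _b64url_json(parts[1])
        # A JWS header always carries "alg"; the payload must be a JSON object.
        if header and "alg" in header and payload is not None:
            return "jwt"
    return "opaque"


def check_token_response(body, expected="opaque"):
    """Parse a token endpoint JSON body; return (matches_expected, actual_format)."""
    actual = token_format(json.loads(body)["access_token"])
    return actual == expected, actual


def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed samples, not real credentials or real server output.
SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "typ": "JWT"}),
                       _seg({"sub": "admin", "exp": 1700000000}), "c2ln"])
SAMPLE_OPAQUE = "3f2b8c1e-7a4d-3c55-9e10-6b1d2f0a9c77"
JWT_RESPONSE = json.dumps({"access_token": SAMPLE_JWT, "token_type": "Bearer",
                           "expires_in": 3600})
OPAQUE_RESPONSE = json.dumps({"access_token": SAMPLE_OPAQUE, "token_type": "Bearer",
                              "expires_in": 3600})

if __name__ == "__main__":
    print(check_token_response(OPAQUE_RESPONSE))  # application set to the opaque issuer
    print(check_token_response(JWT_RESPONSE))     # application still issuing JWTs
```

The check only looks at the token's shape and does not verify a signature; an opaque token carries no claims, so the gateway has to look it up at the key manager on each validation, which is the load the first answer refers to.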
-1

The latest API Manager versions do not allow generating opaque access tokens. You can add the following configuration to the deployment.toml of API Manager and disable token revocation on token renewal.

[oauth.access_token]
invoke_token_revocation_event_on_renewal = false
Pubci
  • This config will only work for opaque applications and does not work for JWT applications. In apim 4.0.0, there was an issue with token revocation flow which didn't fire events in the revoke flow. While fixing it, we have added this via an update to maintain the backward compatibility. This was never continued to 4.1.0 – Lakshitha Jan 30 '23 at 13:42