Re: Apigee authorization code access token per use...

northstarporter · 10-23-2022 06:30 PM

Friends, any help is appreciated! I am using authorization code flow and using Apigee to generate access tokens. So, say when the same client ID(Mobile App) has 100 users who are authenticating via apigee and apigee authorizes the same client ID, but after authenticating the user's username/pwd with an IDP(say okta), does it maintain just 1 access token per the same client ID or does it create 100 access tokens, 1 access token per each user authenticated. I am confused as just authorization of client ID only takes place on apigee, how apigee can maintain the access tokens for each user? Can you please clarify for me? Thanks in advance, Bujji.

northstarporter

friends, can you please let me know your thoughts, thanks.

dchiesa1

@northstarporter wrote:

So, say when the same client ID(Mobile App) has 100 users who are authenticating via apigee and apigee authorizes the same client ID, but after authenticating the user's username/pwd with an IDP(say okta), does it maintain just 1 access token per the same client ID or does it create 100 access tokens, 1 access token per each user authenticated

100 access tokens.
Every request for a token will receive a new token. Even in the case where the same user is interacting with the app from two different devices, that authentication will result in the generation of multiple distinct access tokens.

every time the OAuthV2/GenerateAccessToken policy executes successfully, it will generate a new, unique access token.

Apigee authorization code access token per userId not by clientId