This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Possible to shorten the Oauth2 token?

Posted on 12-20-2022 10:56 AM
arunprasath25
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

We are generating access token using oauth2. I am getting a lengthy token. Please note that we are also using some attributes while generating the token. Is there a way we can configure apigee to get a short token.

 

@dchiesa1 @sidd-harth 

0 3 401
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Can you elaborate on what is "lengthy" and what you intend by "short"?

Apigee (X and hybrid) issue opaque OAuth tokens of length ~28 characters, as far as I know. This length isn't documented, and it may change in the future, or for any particular Apigee organization, but I believe it's the common configuration for most organizations. Is that what you consider "lengthy"?

@arunprasath25 wrote:

We are generating access token using oauth2.

If you are using the OAuthV2 policy in Apigee, and the GenerateAccessToken operation, I would expect the token to have a length of 28. If you are using the OAuthV2 policy and the GenerateJWTAccessToken operation, then the token will be longer. That is unavoidable, since the token will be a JWT, which encodes all claims/attributes. To avoid that, don't use a JWT token! Use an opaque form.

0 Likes

Posted on --/--/---- --:-- AM
playarun93
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Ours is opdk. 28 characters applies for opdk as well?

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to playarun93
Reply posted on --/--/---- --:-- AM

No.  I don't know what the length value for OPDK is.  But I believe it is a value of between 28 and 48. You should be able to observe this yourself.

0 Likes