Access token entropy

nsaini
Participant IV

Hi

What is the current entropy for Apigee cloud-based access tokens? We need to implement the FAPI requirement for OBIE, for which the required entropy is 128.

ACCEPTED SOLUTION

By default the access token is 28 hexadecimal characters, I believe.

There are 4 bits of entropy for each char in a hexadecimal string. 28*4 = 114, which is not sufficient for your purposes. You want 128 / 4 = 32 characters (minimum).

You can raise that by setting a property on your org:


POST :mgmtserver/v1/o/:ORG
Authorization: :edge-auth
content-type: application/json

{
  "properties" : {
    "property" : [ {
      "name" : "keymanagement.oauth20.authorization.token.length",
      "value" : "32"
    } ]
  }
}


You may have to append the other existing properties to that payload. First query the org properties, and then POST with the existing properties plus this one.
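
The query-then-POST step described in the answer above, as an added example (not part of the original post and not Apigee's own code): it builds the POST body from a queried org object, keeping every existing property and setting the token length. The sample org and its other property names are constructed, and the length calculation assumes each hex character is uniformly random, as the answer does.

```python
import json
import math

# Property name taken from the answer above.
TOKEN_LENGTH_PROP = "keymanagement.oauth20.authorization.token.length"


def min_token_chars(required_bits, alphabet_size=16):
    """Fewest characters giving at least required_bits of entropy, assuming
    each character is drawn uniformly at random from the alphabet."""
    return math.ceil(required_bits / math.log2(alphabet_size))


def merge_token_length(org, required_bits=128):
    """Return a POST body that keeps all existing org properties and sets
    the token length to at least the minimum for required_bits."""
    needed = min_token_chars(required_bits)
    existing = org.get("properties", {}).get("property", [])
    merged, found = [], False
    for prop in existing:
        if prop.get("name") == TOKEN_LENGTH_PROP:
            found = True
            current = int(prop.get("value", 0))
            # Never shorten a token length that is already long enough.
            value = str(max(current, needed))
            merged.append({"name": TOKEN_LENGTH_PROP, "value": value})
        else:
            merged.append(dict(prop))
    if not found:
        merged.append({"name": TOKEN_LENGTH_PROP, "value": str(needed)})
    return {"properties": {"property": merged}}


# Constructed sample of a queried org; the "example.*" property names are
# made up for illustration and are not real Apigee properties.
SAMPLE_ORG = {
    "name": "example-org",
    "properties": {"property": [
        {"name": "example.feature.enabled", "value": "true"},
        {"name": "example.other.setting", "value": "abc"},
    ]},
}

if __name__ == "__main__":
    print(json.dumps(merge_token_length(SAMPLE_ORG), indent=2))
```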
