Forum Discussion

Cirrocumulus

Jun 13, 2022

OAuth APM as Authorisation server

Hi Got a question I can't seem to get answered. I have a OAuth authorisation server setup. I have applied the oauth profile and I have a per session policy that use oauth authroization to ass...

BIG-IP Access Policy Manager (APM)

Employee

Jun 27, 2022

Hi AlexS_yb

You right, in Oauth AS use case, APM does not keep session up. As soon as the token is issued, the session is deleted.

If client presents a refresh token, the previous values from the first request should be used.

I'm curious to know which kind of information you want to update during a "token refresh". As if something changed on Owner side, a new authentication is required, then new session var (claims) are issued.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)