Forum Discussion
OAuth APM as Authorisation server
Hi AlexS_yb
You're right, in the OAuth AS use case, APM does not keep the session up. As soon as the token is issued, the session is deleted.
If the client presents a refresh token, the previous values from the first request should be used.
I'm curious to know which kind of information you want to update during a "token refresh". Because if something changed on the Owner side, a new authentication is required, and then new session vars (claims) are issued.
Some claim information is based upon LDAP group membership.
With the current setup, a 60 min JWT token means that a user's permission might last 60 min past it being removed.
I was thinking maybe to reduce the refresh token time down and force a new JWT; seems expensive though.