A token procedure plugin that adds custom behavior to the refresh token endpoint.
The plugin adds the following two features to the refresh token endpoint:
- If the request to the endpoint contains the query parameter long_lived_token with value set to true, then the new access token is issued for a duration set in the plugin's configuration, instead of the value set for the given client.
- If the client has a property id_token_on_refresh set to true, then an ID token will be issued together with the response to the refresh token request.
Build the plugin by issuing the command mvn package. This will produce a JAR file in the target directory, which can be installed.
To install the plugin after building, copy the contents of /target/ to ${IDSVR_HOME}/usr/share/plugins/longlivedtokenprocedure, on each node of the Curity Identity Server, including the admin node.
For more information about installing plugins, refer to curity.io/plugins.
For a list of the dependencies and their versions, run mvn dependency:list.
If you modify this plugin and add any runtime or compile scope dependencies, then ensure that all of these are installed in the plugin group. Otherwise, they will not be accessible to this plug-in and run-time errors will result.
The plugin has the following configuration options:
- Long-Lived Access Token Expiration — the Time To Live for a long-lived access token, in seconds. Defaults to 4 hours.
- Access Token Issuer — a custom access token issuer. The default issuer is used if none provided.
- Refresh Token Issuer — a custom refresh token issuer. The default issuer is used if none provided.
- ID Token Issuer — a custom ID token issuer. The default issuer is used if none provided.
To enable the plugin using the admin UI, go to your Token Service profile, then Endpoints. Locate the endpoint with type oauth-token and click on the Flows dropdown. Click on the dropdown under the Refresh flow and select + New Plugin.
Give the plugin a name, and select the "Long Lived Token on Refresh" plugin tile.
You can then change the configuration option for the plugin. Once this is adjusted, commit the changes. The plugin will now be run when you call the refresh token endpoint.
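To confirm the plugin behaves as described once it is enabled, the following added example (not part of this plugin's code) builds a refresh request carrying the long_lived_token query parameter and checks a token response against the expected lifetime and ID token presence. The endpoint URL, client credentials, HTTP Basic client authentication and the sample response are assumptions; the 4 hour lifetime is the plugin's documented default and must be changed if you configure another value.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

# Assumptions (not from the plugin's documentation): the endpoint URL, the
# client credentials and HTTP Basic client authentication are placeholders.
TOKEN_ENDPOINT = "https://idsvr.example.com/oauth/v2/oauth-token"
LONG_LIVED_TTL = 4 * 60 * 60  # plugin default of 4 hours, in seconds


def build_refresh_request(refresh_token, client_id, client_secret, long_lived=False):
    """Build (without sending) a refresh token request.

    The long_lived_token flag travels in the query string, where the plugin
    looks for it; the grant itself stays in the form-encoded body.
    """
    url = TOKEN_ENDPOINT
    if long_lived:
        url += "?" + urlencode({"long_lived_token": "true"})
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def check_response(raw_json, long_lived_requested, id_token_expected, client_ttl):
    """Return the mismatches between a token response and the behaviour the
    plugin describes; an empty list means the response matches."""
    resp = json.loads(raw_json)
    problems = []
    want_ttl = LONG_LIVED_TTL if long_lived_requested else client_ttl
    if resp.get("expires_in") != want_ttl:
        problems.append(f"expires_in={resp.get('expires_in')}, expected {want_ttl}")
    if id_token_expected != ("id_token" in resp):
        problems.append("id_token presence does not match id_token_on_refresh")
    return problems


# Constructed sample response, for illustration only.
SAMPLE = json.dumps({"access_token": "constructed-at", "token_type": "bearer",
                     "expires_in": 14400, "refresh_token": "constructed-rt",
                     "id_token": "constructed.id.token"})

if __name__ == "__main__":
    req = build_refresh_request("constructed-rt", "demo-client", "demo-secret", True)
    print(req.full_url, check_response(SAMPLE, True, True, client_ttl=300))
```

Running the same check with long_lived_requested=False against a client that should only receive short-lived tokens is a quick way to spot a refresh flow that is issuing longer-lived access tokens than intended.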
You can manage your token procedure plugins by going to the System tab, then choosing Token Procedure Plugins from the sidebar menu.
See TEST.md for options on running the test suite for this plugin.
Please visit curity.io for more information about the Curity Identity Server.