Profile-Specific

Options specific to this profile are:

| Name | Type | Default | Description |
|---|---|---|---|
| revocationMethod | CHAIN or TOKEN | CHAIN | The revocation method: CHAIN revokes the entire chain of tokens (from the authorization code to all access/refresh tokens issued based on it); TOKEN revokes a single token. |
| revocationLifetime | Duration | PT6H | The revocation lifetime used when revoking the full chain (see CHAIN above). |

For convenience, revocationMethod is globally controllable via the idp.oauth2.revocationMethod property, and revocationLifetime via the idp.oidc.revocationCache.authorizeCode.lifetime property. If a single token is to be revoked, the lifetime is taken from the remaining lifetime of the token to be revoked, calculated by comparing the expiration time of the token to the current instant. See https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/2931327005/OPToken#Configuration for the configuration of lifetimes for access and refresh tokens.
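The lifetime rules above, worked through as an added Python example (not code from the plugin): it returns the lifetime of the revocation record for each method and flags token types whose configured lifetime exceeds the CHAIN revocation lifetime. The function names and sample lifetimes are constructed, and `uncovered_tokens` rests on the assumption that a revocation record only blocks tokens for as long as the record itself exists.

```python
import re
from datetime import datetime, timedelta, timezone

_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(text):
    """Parse the day/time subset of ISO-8601 durations, e.g. PT6H or P1DT30M."""
    m = _DURATION.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def revocation_entry_lifetime(method, revocation_lifetime, token_exp, now):
    """Lifetime of the revocation record under the rules described above."""
    if method == "CHAIN":
        # Whole chain: the configured revocationLifetime applies.
        return parse_duration(revocation_lifetime)
    if method == "TOKEN":
        # Single token: expiration time compared to the current instant.
        return max(token_exp - now, timedelta(0))
    raise ValueError(f"revocationMethod must be CHAIN or TOKEN, got {method!r}")

def uncovered_tokens(revocation_lifetime, token_lifetimes):
    """Token types that could outlive a CHAIN revocation record (assumed check)."""
    limit = parse_duration(revocation_lifetime)
    return sorted(name for name, life in token_lifetimes.items()
                  if parse_duration(life) > limit)

# Constructed sample values, not defaults taken from the plugin.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_EXP = NOW + timedelta(minutes=7)
SAMPLE_TOKEN_LIFETIMES = {"access": "PT10M", "refresh": "PT8H"}

if __name__ == "__main__":
    print(revocation_entry_lifetime("CHAIN", "PT6H", None, NOW))
    print(revocation_entry_lifetime("TOKEN", "PT6H", SAMPLE_EXP, NOW))
    print(uncovered_tokens("PT6H", SAMPLE_TOKEN_LIFETIMES))
```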

...