Action token login

This guide will walk you though the process of generating and login in with the use of the Action token functionality. This feature enables you to generate and revoke one time tokens for desired users.

What you need?

To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
  • access to Onegini IDP admin console
  • at least one user must be registered within Onegini IDP instance

Configuration

The Action token feature toggle can be found in Onegini IDP admin console under in Configuration > Identity Providers tab. To enable token based login simply select the checkbox which in the Action Token Login section.

You can also set Action token validity (in seconds) and desired authentication level.

Generate new Action token

To create a new Action token you need to execute the following request:

URL
  POST http://idp-core.dev.onegini.me:8081/api/persons/<person_id>/tokens/login
Optional body parameter
  {
    "expires_in_seconds": "int"
  }

The Actions token is always related with some specific user, therefore you need to provide the person_id within the request path.

Revoke all tokens for a person

You can revoke all person's Action tokens by executing the following request:

URL
  DELETE http://idp-core.dev.onegini.me:8081/api/persons/<person_id>/tokens/login

Parameters details

expires_in_seconds - for how many second should token be valid

<person_id> - person identifier, specifies the owner of the Action token

Token properties

  • Action tokens are single use only, and will be removed upon successful logging in or upon expiration
  • the default TTL of the Action tokens is 3600s
  • each person can have one or multiple (0-N) Action tokens assigned