Action token login
This guide will walk you though the process of generating and login in with the use of the Action token
functionality. This feature enables you to generate and revoke one time
tokens for desired users.
What you need?
To successfully complete this topic guide you need to ensure following prerequisites:
- Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
- access to Onegini IDP admin console
- at least one user must be registered within Onegini IDP instance
Configuration
The Action token
feature toggle can be found in Onegini IDP admin console under in Configuration > Identity Providers tab. To enable token based login simply select
the checkbox which in the Action Token Login
section.
You can also set Action token
validity (in seconds) and desired authentication level.
Generate new Action token
To create a new Action token
you need to execute the following request:
URL
POST http://idp-core.dev.onegini.me:8081/api/persons/<person_id>/tokens/login
Optional body parameter
{
"expires_in_seconds": "int"
}
The Actions token
is always related with some specific user, therefore you need to provide the person_id
within the request path.
Revoke all tokens for a person
You can revoke all person's Action tokens
by executing the following request:
URL
DELETE http://idp-core.dev.onegini.me:8081/api/persons/<person_id>/tokens/login
Parameters details
expires_in_seconds
- for how many second should token be valid
<person_id>
- person identifier, specifies the owner of the Action token
Validate action token
The Onegini IDP's Credentials API
exposes an endpoint which allows Action Token validation. It means that you need to have the Credentials API
feature enabled in the 's admin console in order to use this functionality.
Please have a look at the API documentation to learn more about how to validate Action Tokens.
Token properties
Action tokens
are single use only, and will be removed upon successful logging in or upon expiration- the default TTL of the
Action tokens
is 3600s - each person can have one or multiple (0-N)
Action tokens
assigned