Onegini Token Server API configuration

Onegini IDP uses APIs in the Onegini Token Server for mobile login and to manage the user's devices. This page describes how to configure the connection between the two components. This example assumes that Onegini IDP runs on host idp.example.com and Onegini Token Server on host token-server.example.com.

Connection

The Onegini Token Server protects these APIs via an API client. Configure an API client in the Onegini Token Server that gives access to the Mobile Authentication API and the End User API.

To configure the Onegini Token Server API, log in to the admin panel and go to System -> Token Server. Fill in all the configuration fields and click the Save button.

The configuration consists of the following properties:

Field name | Description
Base URL | Base URL of the Onegini Token Server, e.g. https://token-server.example.com/oauth
API username | Username of the API client in the Onegini Token Server
API password | Password of the API client in the Onegini Token Server
Base Callback URL | Base URL of the callback to which the Onegini Token Server redirects the user after initializing the mobile authentication. For mobile login it will be resolved from request URL if the field is left blank. Example: https://idp.example.com/connect/mobile-auth/callback.

Mobile authentication transactions clean-up

Whenever the Onegini IDP triggers mobile authentication, that is, when the user logs in via Mobile Login or QR Login, a new transaction is created and stored in the mobile_auth_transactions table of the database. In some scenarios the transaction is never finished (for example, when the user abandons the login page) and so is not removed from the database. By configuring a mobile authentication transactions clean-up job you can create a scheduler that removes the obsolete transactions (i.e. initiated at least 24 hours ago).

This scheduler is enabled by default, and by default the clean-up process is launched every day at midnight.