My Profile
My detail page
Contains the user's updatable information.
Display name: Contains the user's name, which is used within Identify Admin.
Upload certificate: Allows the user to select the Browse button to upload a certificate to be used for the STS Web service.
My Password: Enables the user to change his password by entering the existing password as well as the new password twice and clicking Save.
Note: For security reasons, if the user enters the wrong old password more than 10 times, the user account is disabled to prevent brute-force password attacks.
Other Information: Includes claims that are set up in the system and which have been tagged as updateable.
Consents page
Allows the user to manage his or her list of consent settings. The only Protocol Connections to be listed on the "personal consent management page" are those where the user has in fact provided consent.
When the setting "Remember Consent" on the Protocol Connection is True, a checkbox will appear on the consent box saying "This consent also applies to my future login to this site".
The user can only save his consent settings if all required claims are set and scopes have been set to True.
Consent history page
My REST API key page
This page helps users to manage their tokens which are used to access the REST API. From this page, a user can:
- Create the 'Identify OAuth2 Token for REST APIs' connection.
- List and view all existing valid refresh tokens.
- Generate a new REST API refresh token with specific roles.
- Revoke an existing refresh token.
- Exchange an access token for testing purposes.
- Copy the refresh/access token to the clipboard.
Note: For security purposes, only users who have the "Administrator" role can use the above functionalities.
Create the 'Identify OAuth2 Token for REST APIs' connection
If the 'Identify OAuth2 Token for REST APIs' connection is not created yet, you can click on the "Add Connection" button to create it.
Refresh token list
This page lists all existing valid REST API refresh tokens of the logged-in user. When you hover your mouse on each token, you can find the following functions:
- Open the hovered refresh token on a dialog where you can view the full token, exchange it for an access token, or revoke the refresh token.
- Copy the hovered refresh token to the clipboard.
- Revoke the hovered refresh token.
Generate a new refresh token
Click on the new button and then select the "Generate a new refresh token" option to generate a new refresh token. The Generate a new refresh token dialog allows you to specify the following:
- Name: The name of the new refresh token.
- Token lifetime (days): The number of days until the refresh token expires. The default token lifetime is 7 days.
- Roles: The list of specific REST API roles associated with the new refresh token. When the refresh token is used to obtain an access token, the resulting access token will include only the selected roles.
Note:
- The Name value for all refresh tokens generated before version 5.18 will be displayed as N/A due to the absence of a name. Exchanging an access token using refresh tokens generated before version 5.18 is still successful.
- The refresh token generated is specific to the REST API and includes a resource property set to the current tenant's Entity ID. Consequently, the resulting access token generated from this refresh token will only contain a single aud claim.
View a refresh token
Click on a row or hover and click on the icon to open the refresh token dialog.
Exchange the refresh token for an access token
From the refresh token dialog, you can exchange it for an access token for testing purposes.
The access token which is generated from a valid refresh token contains only the necessary information that is needed for REST API access.
Note that the list of urn:identify:rest-api:role claims depends on the roles selected for the refresh token starting from version 5.18. For example, if a refresh token is generated with only the UserObserver and UserContributor roles, an access token generated from this refresh token will include only those two roles.
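The following is an added example, not part of the product documentation: it checks an exchanged access token against the expectations stated above (a single aud equal to the tenant's Entity ID, only the selected roles, a lifetime within the configured limit). It assumes the access token is a compact JWT carrying iat and exp claims; the Entity ID, sample tokens and helper names are constructed, and the payload is decoded without verifying the signature, so this is an inspection aid and not token validation.

```python
import base64
import json

ROLE_CLAIM = "urn:identify:rest-api:role"   # claim name taken from the page
ENTITY_ID = "https://tenant.example/"       # constructed tenant Entity ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"

def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def as_list(value) -> list:
    """A JWT claim may be a single string or an array; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_token(token: str, entity_id: str, selected_roles: set, max_minutes: int = 60) -> list:
    """Return findings; an empty list means the token matches expectations."""
    claims = jwt_claims(token)
    findings = []
    aud = as_list(claims.get("aud"))
    if aud != [entity_id]:
        findings.append(f"aud should be exactly [{entity_id!r}], got {aud!r}")
    extra = set(as_list(claims.get(ROLE_CLAIM))) - selected_roles
    if extra:
        findings.append(f"roles beyond those selected: {sorted(extra)}")
    if "exp" not in claims or "iat" not in claims:
        findings.append("missing exp or iat claim")
    elif claims["exp"] - claims["iat"] > max_minutes * 60:
        findings.append(f"lifetime exceeds {max_minutes} minutes")
    return findings

SELECTED = {"UserObserver", "UserContributor"}   # roles from the page's example
GOOD = make_sample({"aud": ENTITY_ID, ROLE_CLAIM: sorted(SELECTED), "iat": 1700000000, "exp": 1700003600})
BAD = make_sample({"aud": [ENTITY_ID, "https://other.example/"],   # constructed failing token
                   ROLE_CLAIM: ["UserObserver", "ExampleExtraRole"], "iat": 1700000000, "exp": 1700090000})
```

Calling audit_token(GOOD, ENTITY_ID, SELECTED) returns an empty list, while the constructed BAD token yields one finding each for the audience, the extra role and the lifetime.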
Revoke a refresh token
There are two ways to revoke a refresh token:
- On the refresh token list, hover over the token and choose the revoke icon.
- On the refresh token dialog, click on the 'Revoke' button.
A confirmation message will be displayed to make sure that you want to revoke the selected token.
Copy a refresh/access token to the clipboard
You can click on the icon to copy a refresh or an access token to the clipboard. Note that the exchanged access token will disappear right after the dialog is closed.
FAQ
Question: can I revoke the refresh token on my list?
Answer: yes, you can click the "REVOKE" button when viewing the selected refresh token to revoke it.
Question: how can I verify if all refresh tokens are valid?
Answer: you can click the "EXCHANGE ACCESS TOKEN" button to verify it. If it is valid, an access token will be generated. Otherwise, an error message is displayed, and no access token is generated.
Question: do my refresh tokens update with the new values if I use the "EXCHANGE ACCESS TOKEN" feature?
Answer: by default, the refresh tokens are not updated with the new values. However, if the "Issue a new refresh token when exchanging a refresh token for an access token" option on the "Identify OAuth 2.0 Token for REST APIs" application is enabled, they will be updated with the new values every time you click the "EXCHANGE ACCESS TOKEN" button.
Question: how can I manage the lifetime of the access token as well as the refresh token?
Answer: by default, the lifetime of the access token is 60 minutes. For the refresh token, you can specify the number of days on the Generate a new refresh token dialog. To view or change the lifetime of the resulting access token, go to the Applications page, select and edit the "Identify OAuth 2.0 Token for REST APIs" application, and adjust the setting "Token life time (minutes)".