Our client/target system generates an OAuth token using the oauth2/token URL. The client can retrieve the code/objects with the token. We want to know if SailPoint provides a way to validate the OAuth URL to check whether the existing token is still valid
Which connector is this in reference too?
Or is this when you are interacting with the SailPoint API’s?
I am referring to the SailPoint APIs for generating an OAuth token. We have registered our product under OAuth Client Management, which has provided us with a client ID and client secret, allowing us to generate the token.
However, we need a method to ensure that the existing token is still valid.
When you receive a new token in response to an authentication request, it typically includes an expires_in value. This value tells you when the token will expire. As the client, it’s your responsibility to handle this logic effectively. This value is configured when you are creating your API credentials.
There’s no need to leverage a dedicated endpoint to validate if a token is still valid. Instead, you can streamline your operations by attempting to proceed with your request. If the token has expired, you can simply retrieve a new one. This approach ensures your logic remains consistent, even if the token’s expiration window changes.
By managing token expiration proactively, you can maintain a seamless and efficient process.
1 Like
According to the OAuth 2.0 standard, the primary method for validating a token is through the “Token Introspection” endpoint, which allows a resource server to query the authorization server to verify the validity and details of an access token, including its active status, user information, and scopes; this is defined in RFC 7662.
So i was checking does IIQ provides an token introspection endpoint to validate it ?
As far as I know token validation is not a native feature since IdentityIQ is not inherently designed as an OAuth/OIDC provider.
1 Like
@guduru510 I do not think there is a way , i am trying to understand what is use case, as if you are storing token and calling api then you will get 401 Error if that error then get new token and call the api again.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.