Identity Cloud

Token storage

Identity Cloud OAuth 2.0-related services are stateless unless otherwise indicated; no token information is stored in your Identity Cloud tenant. Instead, they either cache the OAuth 2.0/OpenID Connect tokens in the core token service (CTS) token store (server-side), or present them to the client (client-side).

Both client-side and server-side token storage support all of Identity Cloud’s OAuth 2.0 features.

Configure token storage

By default, OAuth 2.0 tokens are configured for client-side storage.

You can update the token storage location to server-side under Native Consoles > Access Management:

  1. To configure for all client applications, go to Realms > Realm Name > Services > OAuth2 Provider.

    Alternatively, to override provider settings on the client, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > OAuth2 Provider Overrides.

    Note that Enable OAuth2 Provider Overrides must be enabled for the setting to apply.

  2. Disable Use Client-Side Access & Refresh Tokens.

  3. Save your changes.
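One way to check which storage mode is in effect is to inspect the format of an access or refresh token issued after saving. The following is an added example, not ForgeRock code; it assumes (not stated on this page) that client-side tokens are compact JWTs and server-side tokens are opaque references, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment to a dict; return None if it is not a JSON object."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def token_storage_mode(token):
    """Classify an access or refresh token by its wire format.

    Assumption: a client-side token is a compact JWT (3 segments when
    signed, 5 when encrypted) whose first segment is a JSON header with
    an "alg" member; anything else is treated as a server-side reference.
    """
    parts = token.strip().split(".")
    if len(parts) in (3, 5):
        header = _b64url_json(parts[0])
        if header is not None and "alg" in header:
            return "client-side"
    return "server-side"


def _enc(obj):
    """Helper used only to build the constructed sample tokens below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples: not real tokens, and the signature bytes are dummies.
SAMPLE_SIGNED_JWT = ".".join(
    [_enc({"alg": "HS256", "typ": "JWT"}), _enc({"sub": "demo"}), "c2ln"]
)
SAMPLE_ENCRYPTED_JWT = ".".join(
    [_enc({"alg": "dir", "enc": "A128GCM"}), "", "aXY", "Y3Q", "dGFn"]
)
SAMPLE_OPAQUE = "constructed-opaque-reference-0001"

if __name__ == "__main__":
    for name in ("SAMPLE_SIGNED_JWT", "SAMPLE_ENCRYPTED_JWT", "SAMPLE_OPAQUE"):
        print(name, "->", token_storage_mode(globals()[name]))
```

The check only looks at token structure; it does not verify signatures or contact the tenant.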

Copyright © 2010-2024 ForgeRock, all rights reserved.