Token storage
Identity Cloud OAuth 2.0-related services are stateless unless otherwise indicated; no token information is stored in your Identity Cloud tenant. Instead, they either cache the OAuth 2.0/OpenID Connect tokens in the core token service (CTS) token store (server-side), or present them to the client (client-side).
Both client-side and server-side token storage support all of Identity Cloud’s OAuth 2.0 features.
Configure token storage
By default, OAuth 2.0 tokens are configured for client-side storage.
You can update the token storage location to server-side in the AM admin UI:
- To configure for all client applications, go to Realms > Realm Name > Services > OAuth2 Provider.
  Alternatively, to override provider settings on the client, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > OAuth2 Provider Overrides.
  Note that Enable OAuth2 Provider Overrides must be enabled for the setting to apply.
- Disable Use Client-Side Access & Refresh Tokens.
- Save your changes.
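
One way to confirm which storage mode a newly issued token uses after saving the change (an added example, not part of the Identity Cloud documentation). It assumes client-side tokens are issued as JWTs (three-segment JWS or five-segment JWE) and server-side tokens as opaque reference strings, which this page does not state; the function names and sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment as a JSON object, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad JSON and bad UTF-8
        return None
    return obj if isinstance(obj, dict) else None


def token_storage(token):
    """Classify a token as 'client-side' (JWT) or 'server-side' (opaque).

    Assumption: client-side tokens are JWTs, server-side tokens are opaque.
    """
    parts = token.strip().split(".")
    # JWS compact serialization has 3 segments, JWE has 5.
    if len(parts) in (3, 5):
        header = _b64url_json(parts[0])
        # A JOSE header is a JSON object that always carries "alg".
        if header is not None and "alg" in header:
            return "client-side"
    return "server-side"


def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample tokens (not real credentials).
SAMPLE_JWT = ".".join(
    [_seg({"alg": "HS256", "typ": "JWT"}), _seg({"sub": "demo"}), "c2lnbmF0dXJl"]
)
SAMPLE_OPAQUE = "constructed-opaque-token-value"

if __name__ == "__main__":
    for name, tok in (("jwt", SAMPLE_JWT), ("opaque", SAMPLE_OPAQUE)):
        print(name, "->", token_storage(tok))
```

Run it against an access token requested after the change; tokens issued before the change keep the format they were issued with.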