PingOne Advanced Identity Cloud

Token storage

Advanced Identity Cloud OAuth 2.0-related services are stateless unless otherwise indicated. This means that no OAuth 2.0/OIDC token information is stored in your Advanced Identity Cloud tenant. Instead, tokens are stored in the core token service (CTS) token store (server-side), or presented to the client application (client-side).

Both client-side and server-side token storage support all of PingOne Advanced Identity Cloud’s OAuth 2.0 features.

Configure token storage

By default, OAuth 2.0 tokens are configured for client-side storage.

You can update the token storage location to server-side under Native Consoles > Access Management.

  1. Choose one of the following options:

    1. To configure token storage for all client applications, go to Realms > Realm Name > Services > OAuth2 Provider.

    2. To override OAuth 2.0 provider settings per client, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > OAuth2 Provider Overrides.

      You must set Enable OAuth2 Provider Overrides for the setting to apply.

  2. Disable Use Client-Side Access & Refresh Tokens.

  3. Save your changes.
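To confirm which storage mode a client is actually using after the change, inspect the shape of a freshly issued access token. The check below is an added example, not part of the Advanced Identity Cloud documentation; it assumes client-side tokens are compact JWTs and server-side tokens are opaque references, and both sample tokens are constructed.

```python
import base64
import json


def b64url_encode(data):
    """base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_header(segment):
    """Decode a base64url segment as a JSON object; None if it is not one."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return value if isinstance(value, dict) else None


def storage_mode(token):
    """Return (mode, format) inferred from the token's shape.

    Assumption (not stated on the page): client-side tokens are compact
    JWTs, 3 segments when signed and 5 when encrypted, and server-side
    tokens are opaque references to a CTS entry.
    """
    parts = token.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))
    header = decode_header(parts[0]) if kind else None
    if header is None or "alg" not in header:
        return ("server-side", "opaque")
    return ("client-side", kind)


# Constructed samples, not real tokens.
SAMPLE_JWT = ".".join([
    b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode()),
    b64url_encode(json.dumps({"sub": "demo", "scope": ["profile"]}).encode()),
    b64url_encode(b"constructed-signature"),
])
SAMPLE_OPAQUE = "constructed-opaque-token-0001"

if __name__ == "__main__":
    for name, tok in (("jwt", SAMPLE_JWT), ("opaque", SAMPLE_OPAQUE)):
        print(name, storage_mode(tok))
```

A token requested after disabling Use Client-Side Access & Refresh Tokens should be reported as server-side; a client that still receives a JWT is likely using the other level of configuration (realm-wide versus per-client override).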

Copyright © 2010-2024 ForgeRock, all rights reserved.