Tokens and User Self-Service
Many processes within user self-service involve multiple stages, such as user self-registration, password reset, and forgotten username. As the user transitions from one stage to another, IDM uses JWT tokens to represent the current state of the process. As each stage is completed, IDM returns a new token. Each request that follows includes that latest token.
For example, users who use these features to recover their usernames and passwords get two tokens in the following scenario:
- The user goes through the forgotten username process and gets a JWT token with a lifetime (default = 300 seconds) that lets the user get to the next step in the process.
- With username in hand, that user may then start the password reset process. That user gets a second JWT token, with the token lifetime configured for that process.
Note
The default IDM JWT token is encrypted and stateless. However, if you need a token that can be included in a link that works in all email clients, change the snapshotToken type in the appropriate configuration file to uuid.
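The stage-to-stage token exchange described above, as an added Python sketch that is not IDM's code: it signs the state with HMAC rather than producing IDM's encrypted JWT, and the key, stage labels and function names are assumptions made for illustration. The uuid variant is a short opaque handle to state kept on the server, in contrast to the stateless token that carries the state itself.

```python
import base64, hashlib, hmac, json, time, uuid

KEY = b"constructed-demo-key"                       # constructed secret, demo only
STAGES = ["userQuery", "emailValidation", "reset"]  # hypothetical stage labels
STORE = {}                                          # server-side state for uuid tokens

def _now(now):
    return time.time() if now is None else now

def issue(state, kind="jwt", ttl=300, now=None):
    """Return a token for `state`; ttl mirrors the 300-second default lifetime."""
    record = dict(state, exp=_now(now) + ttl)
    if kind == "uuid":                   # stateful: only a handle leaves the server
        handle = str(uuid.uuid4())
        STORE[handle] = record
        return handle
    body = base64.urlsafe_b64encode(json.dumps(record).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag     # stateless: the state travels in the token

def read(token, now=None):
    """Validate a token of either kind and return its state, or raise ValueError."""
    if "." in token:
        body, tag = token.rsplit(".", 1)
        good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), good.encode()):
            raise ValueError("token was modified")
        record = json.loads(base64.urlsafe_b64decode(body))
    else:
        record = STORE.get(token)
        if record is None:
            raise ValueError("unknown token")
    if _now(now) > record["exp"]:
        raise ValueError("token expired")
    return record

def complete_stage(token, kind="jwt", now=None):
    """Finish the current stage and return a new token for the next one."""
    record = read(token, now)
    nxt = STAGES.index(record["stage"]) + 1
    if nxt >= len(STAGES):
        raise ValueError("process already at final stage")
    return issue({"user": record["user"], "stage": STAGES[nxt]}, kind, now=now)
```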