IG 2023.4

OpenAmAccessTokenResolver (deprecated)

This object is deprecated because the corresponding feature was deprecated in AM 6.5. Consider using the TokenIntrospectionAccessTokenResolver to resolve access tokens and retrieve metadata about the token.

For more information, refer to the Deprecated section of the Release Notes.

In OAuth2ResourceServerFilter, use the AM token info endpoint, /oauth2/tokeninfo, to resolve access tokens and retrieve information. The endpoint typically returns the time until the token expires, the OAuth 2.0 scopes associated with the token, and potentially other information.
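The following added example (not ForgeRock code and not IG's implementation) shows the fail-closed decision a resource server makes from a token info response that carries the time until expiry and the granted scopes. The field names `expires_in`, `scope` and `error`, the sample bodies, and the function names are assumptions constructed for illustration.

```python
import json

# Constructed sample bodies. The field names "expires_in", "scope" and "error"
# are assumptions modelled on the description above, not captured AM output.
SAMPLE_VALID = '{"scope": ["mail", "cn"], "token_type": "Bearer", "expires_in": 577}'
SAMPLE_EXPIRED = '{"scope": ["mail", "cn"], "token_type": "Bearer", "expires_in": 0}'
SAMPLE_ERROR = '{"error": "invalid_request", "error_description": "constructed"}'


def parse_scopes(raw):
    """Accept a JSON array or a space-delimited string; anything else is no scopes."""
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, list) and all(isinstance(s, str) for s in raw):
        return set(raw)
    return set()


def authorize(http_status, body, required_scopes):
    """Return (allowed, reason) for one token info response. Fails closed."""
    if http_status != 200:
        return False, "resolver_rejected"
    try:
        info = json.loads(body)
    except ValueError:
        # A non-JSON body (proxy error page, truncated reply) never grants access.
        return False, "malformed_response"
    if not isinstance(info, dict) or "error" in info:
        return False, "resolver_rejected"
    expires_in = info.get("expires_in")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        return False, "expired_or_missing_expiry"
    missing = set(required_scopes) - parse_scopes(info.get("scope"))
    if missing:
        return False, "insufficient_scope:" + ",".join(sorted(missing))
    return True, "ok"


if __name__ == "__main__":
    for status, body in ((200, SAMPLE_VALID), (200, SAMPLE_EXPIRED), (400, SAMPLE_ERROR)):
        print(authorize(status, body, ["mail", "cn"]))
```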


Use this resolver with the accessTokenResolver property of OAuth2ResourceServerFilter.

"accessTokenResolver": {
  "type": "OpenAmAccessTokenResolver",
  "config": {
    "amService": AmService reference,
    "providerHandler": Handler reference,
    "endpoint": configuration expression<url>
  }
}


"amService": AmService reference, required

The AmService heap object to use for the token info endpoint. The endpoint is extrapolated from the url property of the AmService.

See also AmService.

"providerHandler": Handler reference, optional

Invoke this HTTP client handler to send token info requests.

Provide either the name of a Handler object defined in the heap, or an inline Handler configuration object.

To facilitate auditing, configure this handler with a ForgeRockClientHandler, which sends a ForgeRock Common Audit transaction ID when it communicates with protected applications.

Alternatively, configure this handler as a chain containing a TransactionIdOutboundFilter, as in the following configuration:

"providerHandler" : {
  "type": "Chain",
  "config": {
    "handler": "MySecureClientHandler",
    "filters": [ "TransactionIdOutboundFilter" ]
  }
}

Default: ForgeRockClientHandler

"endpoint": configuration expression<url>, required if amService is not configured

The URI for the authorization service.

Copyright © 2010-2023 ForgeRock, all rights reserved.