Support for Refresh Tokens is configured via the OpenID client's offline_access scope (for further information, go to http://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess).
To support Refresh tokens, configure the client scopes parameter of the OpenID adapter with offline_access.
-
Log on to the ActivID Management Console as an ActivID Administrator (for example, ftadmin).
- In the Configuration tab, under Environment, select Adapters.
-
Create an OpenID adapter or edit an existing one (for example, OpenID_admin) where:
-
Name – mandatory and should be unique for ease of administration.
-
Description – a user-friendly description of the adapter (optional).
-
Adapter Type – select Process to send notifications of operational events (such as user validations).
- Adapter Category – select OpenID client (organization) configuration as the definition of the adapter.
-
-
Configure the main parameters (channels, authentication policies, …) as described in Create the OpenID Administrator for Dynamic Registration.
-
For the Client scopes parameter, add "offline_access".
Copy{"scopes":["openid","profile","offline_access"]} -
Optionally, you can also configure the Refresh token validity.
The validity is in seconds. If it is not configured (left empty), the default value (of the Session transfer Type) is used.
Note: The parameter via dynamic client registration is hid_refresh_token_validity. -
Click Save.
