What is stored in the OAuth Token and is it encrypted? (retired) - HxGN SDx - HxGN SDx - Reference - Hexagon

HxGN SDx Modified and Retired Functionality

Language
English
Product
HxGN SDx
Search by Category
Reference
SmartPlant Foundation / SDx Version
10
SmartPlant Markup Plus Version
10.0 (2019)

This functionality was removed in Update 23.

Despite first appearances, the OAuth token is not encrypted and only base-64 encoded. The token contains the information relating to the user and the token issuer and is stored as key-value pairs known as claims. A tokens typically contains the username, the URI of the token issuer, the mechanism used to generate the token (the OAuth flow), and the client host information. An example below shows a decoded OAuth token and what values are contained within the encoded string:

{

“client_id”: “TestClient”,

“scope”: “SPF”,

“sub”: “superuser”,

“amr”: “password”,

“auth_time”: 1489148304,

“idp”: “idsrv”,

“name”: “superuser”,

“ClientHostName” : “SPFMachine”,

“role”: “Admin”,

“ingr.session_id”: “6800695efddf40d8977fbc4b765800d3”,

“iss”: “http/localhost/spfconfigservice/spfauthentication/oauth”,

“aud”: “http/localhost/spfconfigservice/spfauthentication/oauth/resources”,

“exp”: “1489151904”,

“nbf”: “1489148304”

}

SHARED Tip A decoding utility for OAuth tokens and viewing the contents can be found at: htttps//jwt.io.