Question
How can I switch to multi-token authorization to avoid 504 errors during an API call?
Answer
Enabling Multi-Token Configuration:
- Update an existing customer with multi-token configuration by using the API: [PUT] {{oauth_uri}}/oauth/customers/ExistingCustomer.
- Include the necessary parameters, such as maxActiveTokensAllowed (the maximum number of active tokens a client may hold).
- To create a new customer with multi-token configuration, use the API: [POST] {{oauth_uri}}/oauth/customers.
- Provide the required details, including maxActiveTokensAllowed, in the request body.
Creating/Updating Clients:
- Create a new client with access token validity using the API: [POST] {{oauth_uri}}/oauth/clients.
- Set accessTokenValidity (the access token validity period) to the desired value.
- Update an existing client with new access token validity by using the API: [POST] {{oauth_uri}}/oauth/clients/mtclient.
- Ensure accessTokenValidity is correctly configured.
Getting Access Tokens:
- Use the get token API with client_credentials grant type to obtain access tokens.
- Each invocation of the API returns a different access token.
Handling Errors:
- If the number of active tokens for the client has reached the configured limit, the get token API returns HTTP 429 (Too Many Requests).
- To address the error, check the client's active tokens using the multitokens API, then either raise maxActiveTokensAllowed on the customer entity or revoke tokens that are no longer needed.
Troubleshooting:
- We tracked the tokens being generated during the data load test. These tokens rose and fell as expected.
GET https://auth.reltio.com/oauth/customers/<customerID>/clients/<client_credential_id>/multitokens
- If too many tokens are active, the customer can revoke the client's tokens with the API below; any caller still presenting a revoked token then receives an access error.
PUT https://auth.reltio.com/oauth/customers/{customerId}/clients/{clientId}/revoketokens
- Ensure that the user making these API calls has the following role and permission:
ROLE_ADMIN_CUSTOMER
Auth.Customer.Clients UPDATE
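The whole procedure above, from enabling multi-token on the customer to handling the 429 and revoking tokens, as an added worked example that is not Reltio's code or part of the original answer. The endpoint paths and the maxActiveTokensAllowed and accessTokenValidity parameters are the ones named above; everything else is an assumption so the flow runs offline: FakeAuthServer is a constructed in-memory stand-in for the service behind {{oauth_uri}}, the get-token path /oauth/token?grant_type=client_credentials, the placement of customerId in the client body, and the JSON response fields (access_token, activeTokens, revoked) are assumed, and authentication headers and the role check are not modelled.

```python
import secrets


class FakeAuthServer:
    """Constructed offline stand-in for the service behind {{oauth_uri}}. It models
    only what the answer describes: customer-level maxActiveTokensAllowed, client-level
    accessTokenValidity, a new token per call, 429 at the limit. JSON shapes are assumed."""

    def __init__(self):
        self.now = 0.0        # fake clock (seconds); callers advance it
        self.customers = {}   # customerId -> {"maxActiveTokensAllowed": n}
        self.clients = {}     # clientId -> {"customerId", "accessTokenValidity"}
        self.tokens = {}      # clientId -> {token: expiry}

    def _active(self, client_id):
        # Expired tokens fall off the count, so the active count rises and falls.
        live = {t: e for t, e in self.tokens.get(client_id, {}).items() if e > self.now}
        self.tokens[client_id] = live
        return live

    def handle(self, method, path, body=None):
        path, _, query = path.partition("?")
        p = path.strip("/").split("/")
        if method == "PUT" and p[:2] == ["oauth", "customers"] and len(p) == 3:
            self.customers[p[2]] = dict(body)            # multi-token config
            return 200, self.customers[p[2]]
        if method == "POST" and p == ["oauth", "clients"]:
            self.clients[body["clientId"]] = dict(body)  # holds accessTokenValidity
            return 201, {"clientId": body["clientId"]}
        if method == "POST" and p == ["oauth", "token"]:
            if query != "grant_type=client_credentials":  # multi-token is for this grant only
                return 400, {"error": "unsupported_grant_type"}
            client = self.clients[body["clientId"]]
            limit = self.customers[client["customerId"]]["maxActiveTokensAllowed"]
            active = self._active(body["clientId"])
            if len(active) >= limit:
                return 429, {"error": "too_many_active_tokens", "active": len(active)}
            token = secrets.token_urlsafe(24)            # different token every call
            active[token] = self.now + client["accessTokenValidity"]
            return 200, {"access_token": token, "expires_in": client["accessTokenValidity"]}
        if method == "GET" and len(p) == 6 and p[5] == "multitokens":
            return 200, {"activeTokens": len(self._active(p[4]))}
        if method == "PUT" and len(p) == 6 and p[5] == "revoketokens":
            revoked = len(self._active(p[4]))
            self.tokens[p[4]] = {}
            return 200, {"revoked": revoked}
        return 404, {"error": "not_found"}


# Client side: the calls the answer lists, in the order it lists them.
def enable_multi_token(server, customer_id, max_tokens):
    return server.handle("PUT", f"/oauth/customers/{customer_id}",
                         {"maxActiveTokensAllowed": max_tokens})

def create_client(server, customer_id, client_id, validity_seconds):
    return server.handle("POST", "/oauth/clients", {"clientId": client_id,
                         "customerId": customer_id, "accessTokenValidity": validity_seconds})

def get_token(server, client_id):
    return server.handle("POST", "/oauth/token?grant_type=client_credentials",
                         {"clientId": client_id})

def active_token_count(server, customer_id, client_id):
    path = f"/oauth/customers/{customer_id}/clients/{client_id}/multitokens"
    return server.handle("GET", path)[1]["activeTokens"]

def revoke_all_tokens(server, customer_id, client_id):
    path = f"/oauth/customers/{customer_id}/clients/{client_id}/revoketokens"
    return server.handle("PUT", path)[1]["revoked"]

def get_token_with_remediation(server, customer_id, client_id):
    # On 429: check the active count, free capacity by revoking, then retry once.
    status, body = get_token(server, client_id)
    if status != 429:
        return status, body
    if active_token_count(server, customer_id, client_id) > 0:
        revoke_all_tokens(server, customer_id, client_id)
    return get_token(server, client_id)

def run_flow(max_tokens=3, calls=5, validity=3600):
    """Drive the whole procedure and report what happened at each step."""
    s = FakeAuthServer()
    enable_multi_token(s, "ExistingCustomer", max_tokens)
    create_client(s, "ExistingCustomer", "mtclient", validity)
    results = [get_token(s, "mtclient") for _ in range(calls)]
    before = active_token_count(s, "ExistingCustomer", "mtclient")
    status, _ = get_token_with_remediation(s, "ExistingCustomer", "mtclient")
    after_revoke = active_token_count(s, "ExistingCustomer", "mtclient")
    s.now += validity + 1                     # every token expires
    return {"statuses": [st for st, _ in results],
            "distinct_tokens": len({b["access_token"] for st, b in results if st == 200}),
            "active_before": before, "remediated_status": status,
            "active_after_revoke": after_revoke,
            "active_after_expiry": active_token_count(s, "ExistingCustomer", "mtclient")}

if __name__ == "__main__":
    print(run_flow())
```

With a limit of 3 and five get-token calls, the first three calls succeed with three distinct tokens, the fourth and fifth return 429, the remediation path revokes and retries successfully, and advancing the clock past accessTokenValidity drops the active count to zero. Revoking all of a client's tokens is the blunt remedy; in production, raising maxActiveTokensAllowed or letting short-lived tokens expire avoids breaking callers that still hold a valid token.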
Impact on performance
OAuth multi-token configuration can affect performance: a high volume of active tokens can overload the system, leading to memory exhaustion, increased CPU utilization, and system restarts. Key points about multi-token support:
- Enabling multi-token configuration at the customer level allows for generating different access tokens each time the get token API is invoked.
- The maximum number of active tokens a client may hold is configured at the customer level (maxActiveTokensAllowed).
- Multi-token support is specifically for the client credentials grant type.
- Access tokens have a validity period that can be configured at the client level.
- When using multi-token support, invoking the get token API returns a different access token each time.
Monitoring the response time for Auth Service, Get Token, and Check Token is crucial to ensuring optimal performance and avoiding issues that may directly impact customers.
Resource links
- https://docs.reltio.com/en/explore/get-going-with-apis-and-rocs-utilities/reltio-rest-apis/explore-apis/authentication-api/application-client-management-apis/revoke-all-client-credentials-tokens
- https://docs.reltio.com/en/explore/get-going-with-apis-and-rocs-utilities/reltio-rest-apis/explore-apis/authentication-api/application-client-management-apis/retrieve-client-multitoken-statistics
- https://docs.reltio.com/en/explore/embark-on-your-journey/what-to-know-before-you-set-off/security/authentication/multi-token-support