Token Procedures#
Token Procedures are used to customize the behavior of various OAuth/OpenID endpoints in the Token Profile. By default, the Token Profile comes with several built-in token procedures that handle common tasks such as token issuance, introspection and more. However, it’s possible to override these built-in procedures with custom token procedures to implement specific use cases, like custom token issuance logic, additional validation steps, and more.
Token Procedure Types#
Token procedures can be implemented in two ways:
Both types can be used to implement the same functionality, they just differ in how they are created and deployed. Script token procedures are easier to create and deploy - it can be done with a few clicks in the Admin UI, while plugin token procedures require development using the server’s Java SDK and a deployment of the plugin JAR files to the server. However, plugins can offer a full software lifecycle including versioning, testing, and integration with existing build systems. This is harder to achieve with script procedures, since they are stored directly in the server’s configuration.
Both types of procedures can be configured in the Token Profile on OAuth/OpenID endpoints, by going to
Admin UI → Profiles → Any Token Profile → Endpoints
and clicking on an endpoint that supports token procedures. For example the token endpoint (type oauth-token)
supports many token procedures - one for each OAuth flow. After an endpoint is clicked, an Edit Endpoint modal is opened.
In the modal you can scroll down to the Flows section to configure the desired procedures.
Further Reading#
See the below links for further details about the available types of token procedures in the Token profile: