SOLVED

How to extend login-token expiration time programmatically?


Hi Team,

We are following the encapsulated login token mechanism. We have to extend the login-token expiration time before it expires (before an hour). As per the article https://helpx.adobe.com/in/experience-manager/kb/login-session-refresh-not-working.html the encapsulated token login mechanism did not support token refresh (org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl). Please let me know how to do it programmatically. We are using AEM 6.5.

@kautuk_sahni 

Thank you,

AryA.

1 Accepted Solution


Correct answer by
Community Advisor

@Dinu_Arya 

You can extend the login-token expiration time programmatically in AEM by updating the cq.authTokenValidity property in the TokenAuthenticationHandler OSGi configuration. Here are the steps:

  1. Navigate to the AEM Web Console at http://localhost:4502/system/console/configMgr.
  2. Locate the Apache Sling Authentication Service - Token Authentication Handler configuration and click on it.
  3. Scroll down to the cq.authTokenValidity property and note its current value. This value specifies the time in seconds that a login token is valid.
  4. Create a new OSGi configuration with the Apache Sling Authentication Service - Token Authentication Handler factory configuration factory name.
  5. In the new configuration, set the cq.authTokenValidity property to the new expiration time that you want to set in seconds.
  6. Save the new configuration.

 

You can programmatically update the cq.authTokenValidity property using the org.osgi.service.cm.ConfigurationAdmin OSGi service. Here is an example code snippet that demonstrates how to update the cq.authTokenValidity property:

 

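    import java.io.IOException;
    import java.util.Dictionary;
    import java.util.Hashtable;

    import org.apache.felix.scr.annotations.Component;
    import org.apache.felix.scr.annotations.Reference;
    import org.apache.felix.scr.annotations.Service;
    import org.osgi.service.cm.Configuration;
    import org.osgi.service.cm.ConfigurationAdmin;

    @Component
    @Service(TokenExpirationTimeUpdater.class)
    public class TokenExpirationTimeUpdater {
        @Reference
        private ConfigurationAdmin configAdmin;

        public void updateTokenExpirationTime(int newExpirationTimeInSeconds) {
            try {
                Configuration config = configAdmin.getFactoryConfiguration("org.apache.sling.auth.core.impl.TokenAuthenticationHandler", null);
                // getProperties() returns null for a configuration that has never been updated
                Dictionary<String, Object> properties = config.getProperties();
                if (properties == null) {
                    properties = new Hashtable<>();
                }
                properties.put("cq.authTokenValidity", newExpirationTimeInSeconds);
                config.update(properties);
            } catch (IOException e) {
                // Handle exception
            }
        }
    }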

 

This code creates a new OSGi configuration for the TokenAuthenticationHandler with the new expiration time specified in the cq.authTokenValidity property. The ConfigurationAdmin service is used to retrieve and update the configuration. Note that you will need to have the appropriate permissions to update the OSGi configuration programmatically.


Hi @Jagadeesh_Prakash,

We have a different requirement. We have to extend the token which is already created. For example, a user logged in and a login-token is generated, and it has a lifespan of 2 hours (which we configure in Apache Jackrabbit Oak TokenConfiguration). Just an hour before its expiration, we have to extend the session to only this token or generate a new token by replacing the existing token with the configured expiration time (2 hrs in this case). I think the above shared code will create a new config as you said and it will be applicable to new sessions as well.

We tried TokenConfiguration, TokenInfo API but the token expiration time is not getting extended.

 

https://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication...

 

https://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html

 

Thank you,

AryA


Community Advisor

@Dinu_Arya But in your case it seems the token will not expire at any time. Is that expectation correct?
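
The renewal rule discussed in this thread (a 2-hour token renewed only during its final hour), written out as plain Java together with an absolute session cap so that repeated renewal cannot keep one token alive indefinitely. This is an added example, not code from any poster and not AEM or Oak API; the class name `TokenRenewalPolicy`, the 8-hour cap and the timestamps are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;

/** Sliding renewal for a login token with an absolute cap (illustrative; not AEM or Oak API). */
public final class TokenRenewalPolicy {
    private final Duration validity;      // lifetime granted at login and at each renewal
    private final Duration renewWindow;   // renew only when this much life or less remains
    private final Duration maxSessionAge; // assumption: hard limit counted from first login

    public TokenRenewalPolicy(Duration validity, Duration renewWindow, Duration maxSessionAge) {
        this.validity = validity;
        this.renewWindow = renewWindow;
        this.maxSessionAge = maxSessionAge;
    }

    /**
     * Returns the new expiry if the token should be renewed now, or empty if it
     * must be left alone (already expired, not yet inside the window, or capped).
     */
    public Optional<Instant> renew(Instant firstLogin, Instant expiry, Instant now) {
        if (!now.isBefore(expiry)) {
            return Optional.empty();               // expired: require a fresh login
        }
        if (Duration.between(now, expiry).compareTo(renewWindow) > 0) {
            return Optional.empty();               // too early: no write on every request
        }
        Instant hardStop = firstLogin.plus(maxSessionAge);
        Instant proposed = now.plus(validity);
        Instant capped = proposed.isAfter(hardStop) ? hardStop : proposed;
        return capped.isAfter(expiry) ? Optional.of(capped) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample values: 2 h validity, renew in the final hour, 8 h cap.
        TokenRenewalPolicy policy = new TokenRenewalPolicy(
                Duration.ofHours(2), Duration.ofHours(1), Duration.ofHours(8));
        Instant login = Instant.parse("2024-01-01T08:00:00Z");
        Instant expiry = login.plus(Duration.ofHours(2));
        System.out.println(policy.renew(login, expiry, login.plusSeconds(30 * 60)));  // outside window
        System.out.println(policy.renew(login, expiry, login.plusSeconds(90 * 60)));  // inside window
        System.out.println(policy.renew(login, expiry, login.plusSeconds(150 * 60))); // after expiry
        Instant late = login.plus(Duration.ofHours(7));
        System.out.println(policy.renew(login, late.plusSeconds(1800), late));        // hits the cap
    }
}
```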