Roberta Miccoli
Roberta Miccoli
Hi, the AT/RT duration is already configurable by changing the following environment variables: * `DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS` (default is 3600) * `DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS` (default is 2592000) These are applied to ALL clients. However,...
Hi, have you tried the IAM account API (https://indigo-iam.github.io/v/v1.8.1/docs/reference/api/account-api/#account-filtering)? You can filter user information by certificate subject in this way: ``` https:///iam/account/find/bycertsubject?certificateSubject=XXX ```
> Minor things Done :)
Hi, first of all, your client has the `profile` scope checked in its configuration? if it is only requested during token request, it does not appear in the AT and...
If I understand correctly, you use the `authorization code` grant type to obtain the access token, right? or `client_credentials` flow?
> I think the issue lies in the authorization grant that is issued by Indigo IAM following the GET request from the FITS client to the authentication endpoint of the...
Hi, I've just checked with this online tool https://jwt.davetonge.co.uk/ and the signature of the token is valid. I think the problem lies elsewhere!
Hi, which Indigo IAM instance are you using? Note that there is a possibility of not including the `nbf` claim in the access token through this env variable `IAM_ACCESS_TOKEN_INCLUDE_NBF=false` (ref:...
>  In my opinion, when the box "Do not send email to the rejected user" is checked, the reason shouldn't be mandatory. Actually it becomes quite useless because it...
When the account is set up as a service account, the signature of the aup is skipped (if it is defined), but what if it accidentally goes to the `/iam/aup/sign`...