Access token entropy

anonymous · October 22, 2019, 1:08pm

Hi

What is the current entropy for apigee cloud based access token. We need to implememt FAPi requirement for OBIe for which required entropy is 128.

anonymous · October 22, 2019, 1:08pm

@Dino-at-Google

dchiesa1 · October 22, 2019, 3:02pm

By default the access token is 28 hexdecimal characters, I believe.

There are 4 bits of entropy for each char in a hexadecimal string. 28*4 = 114, which is not sufficient for your purposes. You want 128 /4 = 32 characters (minimum) .

You can raise that by setting a property on your org:


POST :mgmtserver/v1/o/:ORG
Authorization: :edge-auth
content-type: application/json

{
  "properties" : {
    "property" : [ {
      "name" : "keymanagement.oauth20.authorization.token.length",
      "value" : "32"
    } ]
  }
}

You may have to append the other existing properties to that payload. First query the org properties, and then POST with the existing properties plus this one.

Topic		Replies	Views
How to Customize Access Token Length? Apigee api-runtime	5	12	August 2, 2020
About Access Token Apigee api-runtime	5	10	October 18, 2017
Apigee Access Token Sufficient Entropy? Apigee api-runtime	1	1	April 24, 2020

Access token entropy

AI Suggested topics