Hi, We are on OPDK version 4.15.07.08. We have been using the third party oauth system tokens (tokens are being generated in our in-house Authentication system)for a while,we register the tokens generated in our in-house system in apigee against a client id, so on subsequent resource requests being made the token can be used as client id identifiable information in apigee. We wanted to know if
-
Apigee registers and stores this token in plain text. If yes, how can we confirm that
-
If token is registered in plain text , then can we use the steps mentioned in https://docs.apigee.com/api-platform/security/oauth/hashing-tokens to ensure that tokens are automatically hashed before they are stored
-
Is the above link applicable to our current OPDK (4.15.07.08).
-
Can we revert back this change if needed
-
What other property values need to be explicitly set, is it safe to say that unless explicitly specified in the curl call none of the existing properties are automatically over-ridden.
-
What does the following feature in the curl call indicate “features.isOAuthTokenFallbackHashingEnabled”, what should it be set to in our scenario
-
Once the hash value is stored in apigee, will apigee automatically convert, compare and validate the plain text bearer token being sent by consumer.
-
Does apigee automatically delete revoked and expired tokens.
-
How do we convert existing tokens to hashed tokens and vice-versa
Thanks,
Vednath