on 2018 Sep 08 2:04 AM
Using Hybris 6.5 OCC services with the oAuth2 extension, and we're facing issues with multi-device auth, specifically in generating refreshTokens. Please note that the tokens are maintained within the device.
Device 1:
- Sends refreshToken to API
- API returns new oauth token with updated refreshToken and accessToken

Device 2:
- Sends refreshToken to API
- API returns error "invalid refresh token"
Please note that we don't intend to reuse the refresh token (reuseRefreshToken), as shown below.
# Specifies if new refresh token should be created during refreshing an Access Token
# reuseRefreshToken = true - old refresh token will be returned, refresh token can be used more than one time
# reuseRefreshToken = false - new refresh token will be created
oauthauthorizationserver.tokenServices.reuseRefreshToken=false
I didn't find any OOB configuration that supports multi-device auth using the oAuth extension. Is there a way to handle such cases, possibly without extending the oauth2 extension? Does the oAuth API accept external inputs when generating the tokens, so they can be kept unique per device, similar to AuthenticationKeyGenerator in Spring Security oAuth (https://goo.gl/4NCV9U)?
The other way I see is that both devices communicate with each other whenever a refreshToken is generated, possibly through events outside of Hybris, but it seems too cumbersome.
hybris uses Spring OAuth2 under the hood, and it looks like Spring always creates the same token for a given user, which would explain the behaviour you describe.
I guess one would have to change this behaviour to generate a token per user and device.
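One way to get a token per user and device, as an added example and not hybris or Spring code: a subclass of Spring Security OAuth's DefaultAuthenticationKeyGenerator that folds a client-supplied `device_id` request parameter (an assumed parameter name) into the key the token store uses to look up an existing token. It assumes the client sends that parameter on both the password and refresh_token grants, and that the generator is wired into the token store (for example via JdbcTokenStore.setAuthenticationKeyGenerator) in the project's Spring configuration, which is not shown.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeSet;

import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;

/**
 * Hypothetical per-device key generator (added example, not hybris or Spring code).
 * DefaultAuthenticationKeyGenerator keys stored tokens on (username, client_id, scope),
 * so two devices logged in as the same user share one access/refresh token pair; the
 * first refresh rotates the pair (reuseRefreshToken=false) and the second device's
 * copy is then rejected. Adding a device identifier to the key gives each device its
 * own token pair while refresh-token rotation stays enabled.
 */
public class DeviceAwareAuthenticationKeyGenerator extends DefaultAuthenticationKeyGenerator {

    /** Request parameter the client is assumed to send on every grant (constructed name). */
    public static final String DEVICE_ID_PARAM = "device_id";

    @Override
    public String extractKey(OAuth2Authentication authentication) {
        Map<String, String> values = new LinkedHashMap<String, String>();
        OAuth2Request request = authentication.getOAuth2Request();

        // Same three components the parent class uses, so the key stays compatible.
        if (!authentication.isClientOnly()) {
            values.put("username", authentication.getName());
        }
        values.put("client_id", request.getClientId());
        if (request.getScope() != null) {
            values.put("scope", OAuth2Utils.formatParameterList(new TreeSet<String>(request.getScope())));
        }

        // Plus the device identifier. It is client-supplied, so it only partitions the
        // token store per device and does not authenticate the device; a request without
        // it falls back to the default (one token per user) behaviour.
        String deviceId = request.getRequestParameters().get(DEVICE_ID_PARAM);
        if (deviceId != null && !deviceId.trim().isEmpty()) {
            values.put(DEVICE_ID_PARAM, deviceId.trim());
        }
        return generateKey(values); // MD5 of the sorted map, as in the parent class
    }
}
```

Because Spring rebuilds the OAuth2Request from the refresh_token grant's parameters, a refresh request that omits `device_id` would be keyed as a device-less login, so the client must send it consistently.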