Altair® Panopticon

 

Token

A web token is used once the user has successfully logged into Panopticon Streams with one of the following authentication types: BASIC, SAML, or WINDOWS. The token identifies the user and represents the user’s ongoing session, so that user credentials are not sent between the user and server more than necessary.

The token is returned from Panopticon Streams in the form of a cookie when the user has been authenticated. The cookie is stored in the browser as an HttpOnly cookie.

The token can be configured to suit your needs and requirements: how long it is valid, whether it can refresh itself, and whether it is persistent or lasts only for a user session (while the browser is still open). All of this is configured in Streams.properties. The table below lists all available token properties.

| Property | Description | Default Value |
|---|---|---|
| authentication.token.persistence | Determines whether the token persists after the browser is closed or lasts only while the browser is open. There are two possible values: PERSISTENT and SESSION. PERSISTENT keeps the token in the browser even if the browser has been closed and reopened. SESSION removes the token from the browser when the browser is shut down. IMPORTANT: After changing the property value to SESSION, be sure to clear the AppData/Token folder before starting the server. | PERSISTENT |
| authentication.token.refreshable | Determines whether the token can refresh itself. The web client can identify that the token is about to expire and then request a new token with the existing token. A token is refreshable if the property is set to true. If the property is set to false, the token will expire and invalidate the user session. | true |
| authentication.token.secret | The secret is used to sign the token. The secret is auto-generated when the server starts for the first time. NOTE: This value should be kept secret. | Auto-generated |
| authentication.token.validity.seconds | The number of seconds that the token should be valid. | 604800 |
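The following is an added example, not part of the Panopticon documentation or product: a small Python check that reads the token properties from the table above out of Streams.properties text and lists the settings worth reviewing. The function names, the sample input, and the MAX_VALIDITY_SECONDS threshold are assumptions made for illustration.

```python
import re

# Property names and defaults are taken from the table above.
DEFAULTS = {
    "authentication.token.persistence": "PERSISTENT",
    "authentication.token.refreshable": "true",
    "authentication.token.validity.seconds": "604800",
}
MAX_VALIDITY_SECONDS = 8 * 3600  # assumed local policy, not a vendor value

def parse_properties(text):
    """Parse simple key=value or key:value lines (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit_token_settings(text):
    """Return (property, finding) pairs; unset properties use the defaults."""
    props = parse_properties(text)
    cfg = {k: props.get(k, d) for k, d in DEFAULTS.items()}
    findings = []
    persistence = cfg["authentication.token.persistence"].upper()
    if persistence not in ("PERSISTENT", "SESSION"):
        findings.append(("authentication.token.persistence", "unknown value"))
    elif persistence == "PERSISTENT":
        findings.append(("authentication.token.persistence", "token survives browser restart"))
    if cfg["authentication.token.refreshable"].lower() == "true":
        findings.append(("authentication.token.refreshable", "client can renew the token before expiry"))
    raw = cfg["authentication.token.validity.seconds"]
    if not raw.isdigit():
        findings.append(("authentication.token.validity.seconds", "not a whole number"))
    elif int(raw) > MAX_VALIDITY_SECONDS:
        findings.append(("authentication.token.validity.seconds", f"{raw}s exceeds policy of {MAX_VALIDITY_SECONDS}s"))
    if props.get("authentication.token.secret"):
        findings.append(("authentication.token.secret", "signing secret in file; restrict read access"))
    return findings

# Constructed sample input, not a real deployment.
SAMPLE = """\
authentication.token.persistence=PERSISTENT
authentication.token.validity.seconds = 604800
authentication.token.secret=PLACEHOLDER-NOT-A-REAL-SECRET
"""
```

Calling audit_token_settings(SAMPLE) reports all four properties, because refreshable is unset and falls back to its default of true.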