Use the PUT /oauth/accessTokenManagers/{{accessTokenManagerId}} endpoint to update a token management plugin instance.
| Parameter | Value | Description |
|---|---|---|
| accessTokenManagerId | string(required) | ID of token management plugin instance. |
| Code | Reason |
|---|---|
| 200 | Access Token Management instance updated. |
| 400 | The request was improperly formatted or contained invalid fields. |
| 403 | PingFederate does not have its OAuth 2.0 authorization server role enabled. Operation not available. |
| 404 | Resource not found. |
| 422 | Validation error(s) occurred. |
AccessTokenManager - An OAuth access token management plugin instance.
| Property | Type | Description |
|---|---|---|
| accessControlSettings | AtmAccessControlSettings | Settings which determine which clients may access this token manager. |
| attributeContract | AccessTokenAttributeContract | The list of attributes that will be added to an access token. |
| configuration * | PluginConfiguration | Plugin instance configuration. |
| id * | string | The ID of the plugin instance. The ID cannot be modified once the instance is created. Note: Ignored when specifying a connection’s adapter override. |
| name * | string | The plugin instance name. The name cannot be modified once the instance is created. Note: Ignored when specifying a connection’s adapter override. |
| parentRef | ResourceLink | The reference to this plugin’s parent instance. The parent reference is only accepted if the plugin type supports parent instances. Note: This parent reference is required if this plugin instance is used as an overriding plugin (e.g. connection adapter overrides) |
| pluginDescriptorRef * | ResourceLink | Reference to the plugin descriptor for this instance. The plugin descriptor cannot be modified once the instance is created. Note: Ignored when specifying a connection’s adapter override. |
| selectionSettings | AtmSelectionSettings | Settings which determine how this token manager can be selected for use by an OAuth request. |
| sessionValidationSettings | SessionValidationSettings | Settings which determine how the user session is associated with the access token. |
ResourceLink - A reference to a resource.
| Property | Type | Description |
|---|---|---|
| id * | string | The ID of the resource. |
| location | string | A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null. |
PluginConfiguration - Configuration settings for a plugin instance.
| Property | Type | Description |
|---|---|---|
| fields | array[ConfigField] | List of configuration fields. |
| tables | array[ConfigTable] | List of configuration tables. |
ConfigTable - A plugin configuration table populated with values.
| Property | Type | Description |
|---|---|---|
| inherited | boolean | Whether this table is inherited from its parent instance. If true, the rows become read-only. The default value is false. |
| name * | string | The name of the table. |
| rows | array[ConfigRow] | List of table rows. |
ConfigRow - A row of configuration values for a plugin configuration table.
| Property | Type | Description |
|---|---|---|
| defaultRow | boolean | Whether this row is the default. |
| fields * | array[ConfigField] | The configuration fields in the row. |
ConfigField - A plugin configuration field value.
| Property | Type | Description |
|---|---|---|
| encryptedValue | string | For encrypted or hashed fields, this attribute contains the encrypted representation of the field’s value, if a value is defined. If you do not want to update the stored value, this attribute should be passed back unchanged. |
| inherited | boolean | Whether this field is inherited from its parent instance. If true, the value/encrypted value properties become read-only. The default value is false. |
| name * | string | The name of the configuration field. |
| value | string | The value for the configuration field. For encrypted or hashed fields, GETs will not return this attribute. To update an encrypted or hashed field, specify the new value in this attribute. |
AccessTokenAttributeContract - A set of attributes exposed by an Access Token Manager.
| Property | Type | Description |
|---|---|---|
| coreAttributes | array[AccessTokenAttribute] | A list of core token attributes that are associated with the access token management plugin type. This field is read-only and is ignored on POST/PUT. |
| defaultSubjectAttribute | string | Default subject attribute to use for audit logging when validating the access token. Blank value means to use USER_KEY attribute value after grant lookup. |
| extendedAttributes | array[AccessTokenAttribute] | A list of additional token attributes that are associated with this access token management plugin instance. |
| inherited | boolean | Whether this attribute contract is inherited from its parent instance. If true, the rest of the properties in this model become read-only. The default value is false. |
AccessTokenAttribute - An attribute for an Access Token’s attribute contract.
| Property | Type | Description |
|---|---|---|
| name * | string | The name of this attribute. |
AtmSelectionSettings - Selection settings for an access token management plugin instance.
| Property | Type | Description |
|---|---|---|
| inherited | boolean | If this token manager has a parent, this flag determines whether selection settings, such as resource URI’s, are inherited from the parent. When set to true, the other fields in this model become read-only. The default value is false. |
| resourceUris | array[string] | The list of base resource URI’s which map to this token manager. A resource URI, specified via the ‘aud’ parameter, can be used to select a specific token manager for an OAuth request. |
AtmAccessControlSettings - Access control settings for an access token management plugin instance.
| Property | Type | Description |
|---|---|---|
| allowedClients | array[ResourceLink] | If ‘restrictClients’ is true, this field defines the list of OAuth clients that are allowed to access the token manager. |
| inherited | boolean | If this token manager has a parent, this flag determines whether access control settings are inherited from the parent. When set to true, the other fields in this model become read-only. The default value is false. |
| restrictClients | boolean | Determines whether access to this token manager is restricted to specific OAuth clients. If false, the ‘allowedClients’ field is ignored. The default value is false. |
SessionValidationSettings - Session validation settings for an access token management plugin instance.
| Property | Type | Description |
|---|---|---|
| checkSessionRevocationStatus | boolean | Check the session revocation status when validating the access token. |
| checkValidAuthnSession | boolean | Check for a valid authentication session when validating the access token. |
| inherited | boolean | If this token manager has a parent, this flag determines whether session validation settings, such as checkValidAuthnSession, are inherited from the parent. When set to true, the other fields in this model become read-only. The default value is false. |
| updateAuthnSessionActivity | boolean | Update authentication session activity when validating the access token. |