My Oracle Support Banner

How to update the OAM SSO Session Linking JWT OAUTH_TOKEN Validity ? (Doc ID 3019764.1)

Last updated on MAY 02, 2024

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


In deployment scenarios where a few resources are protected by OAM while some might be accessed with OAuth, to achieve seamless SSO between the different mixes of applications, it is necessary to link the SSO session with the Access Token.

When the SSO Session is created, a JWT User Token is created. The JWT User Token has the SSO "session_id" as part of its claims.


Two other JWT claims are:

- "exp" (expiration time): Time after which the JWT expires (in milliseconds since epoch)

- "iat" (issued at time): Time at which the JWT was issued (in milliseconds since epoch)

- The difference between exp and iat (ie: exp - iat) = JWT expiration time in "ms".


By default, JWT Tokens are created with an Expiration time of 3600 seconds (1 hour).

This document shows how to make OAM create JWT SSO Linking Tokens with an Expiry time other than the default.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.