Step 3: Create a token policy (optional)

Identity Cloud DocumentationToken Policies
VideoAdding a Scope to a Token Policy


Call the /config/tokenPolicies endpoint using the POST method to create or modify a token policy for your Hosted Login implementation. 

Akamai issues you a pair of token policies: one for your public client and one for your confidential client. These might be the only policies you need: multiple clients can share the same token policy. However, you will have to modify these policies (or create additional policies) if you:

  • Want to use different scopes for different sets of users.
  • Want to use different access token and refresh token time-to-live values for different sets of users.
  • Want to use opaque access tokens for some users and JWT access tokens for other users.

When configuring Bearer token authorization for this call, use the configuration token you provisioned in step 2.


Request Template

curl -X POST \
https://v1.api.<region>.janrain.com/<customer-id>/config/tokenPolicies \
  -H 'Authorization: Bearer <token> \
  -H 'Content-Type: application/json' \
  -d '{
  "accessTokenLifetime": <lifetime-in-seconds>,
  "allowedScopes": [
    "<scope>",
    "<scope>",
    ...
  ],
  "refreshTokenLifetime": <lifetime-in-seconds>,
  "title": "<new-token-policy-name>", 
  "useAccessJWT": true
}'


Example Request

curl -X POST \
https://v1.api.us.janrain.com/12345678-1234-1234-1234-123456789012/config/tokenPolicies \
  -H 'Authorization: Bearer 123abc456...def789ghi' \
  -H 'Content-Type: application/json' \
  -d '{
  "accessTokenLifetime": 3600,
  "allowedScopes": [
    "openid",
    "profile",
    "email",
    "address",
    "phone"
  ],
  "refreshTokenLifetime": 36000,
  "title": "Property 1 Token Policy", 
  "useAccessJWT": true
}'


Example Response

"a123bcde-4f56-7890-gh12-i34j567k8l90"

The response contains the ID of the token policy you just created. If you want to review the full token policy you just created, call the /config/tokenPolicies/{tokenPolicyId} endpoint using the GET method. 


  Step 4: Create a Login Policy