Tokens and login sessions in IBM Cloud

7:25 pm
December 2, 2023

**Understanding Tokens and Login Sessions in IBM Cloud**

IBM Cloud relies on the OAuth 2.0 protocol for authentication and authorization. However, the platform has extended some functionalities to cater to its specific requirements. This article explores the usage, format, and management of access and refresh tokens, as well as login sessions within IBM Cloud.

**Access and Refresh Tokens**

In IBM Cloud, applications receive access tokens based on OAuth 2.0 standards, representing authenticated identities and permissions. Additionally, the access token also denotes the currently selected account. When invoking IBM Cloud services, this token is transmitted as part of the API call, allowing the service to make authorization decisions. Refresh tokens can also be obtained for specific use cases to obtain a new access token when the previous one expires. Access tokens can be obtained using an API key or when running on an IBM Cloud-managed compute platform.

**Token Format**

Access tokens in IBM Cloud use the JSON Web Token format, with a standard format and signature created using the RS256 algorithm. IBM Cloud Services and applications can validate these tokens without significant latency, as they cache public signature keys announced by IBM Cloud IAM.

**Login Sessions**

Login sessions are created when a user logs into the IBM Cloud Console or the IBM Cloud CLI. Users can manage and revoke their login sessions through the user interface, with various factors leading to the expiration of a session. IAM Administrators can configure parameters such as active sessions, sign out due to inactivity, and concurrent sessions.

**Tokens Without Login Sessions**

For service invocations in IBM Cloud that do not require login sessions or session revocation capabilities, access and refresh tokens may still be used. However, IBM Cloud IAM avoids generating refresh tokens as much as possible for API interactions, with one exception being the use of Service IDs for IBM Cloud CLI operations.

For access tokens created with an API key or based on a compute platform, refresh tokens are not generated, and no login session is created in the background. The lifetime of access tokens is typically 60 minutes, and the default validity of refresh tokens is 72 hours, configurable by IAM Administrators.

**Summary**

IBM Cloud IAM uses access tokens for client invocations of services and attempts to minimize the generation of refresh tokens, with login sessions providing control over session expiration and revocation for IBM Cloud CLI operations. IAM Administrators can tailor the IAM settings based on the specific needs of their account, influencing the expiration of access and refresh tokens.

For further information, you can refer to the IBM Cloud Identity and Access Management resources.

*Frequently Asked Questions (FAQ)*

**Q: What is the format of access tokens in IBM Cloud?**
A: Access tokens in IBM Cloud use the JSON Web Token format with a standard format and are signed using the RS256 algorithm.

**Q: Can I revoke login sessions in IBM Cloud?**
A: Yes, users can manage and revoke their login sessions through the user interface provided by IBM Cloud.

**Q: How long do access tokens and refresh tokens last by default in IBM Cloud?**
A: By default, access tokens are valid for 60 minutes, while refresh tokens are valid for 72 hours.

**Q: Can IAM Administrators configure login session parameters in IBM Cloud?**
A: Yes, IAM Administrators can configure parameters such as active sessions, sign out due to inactivity, and concurrent sessions for login sessions.

**Q: Are refresh tokens generated for all interactions in IBM Cloud?**
A: No, IBM Cloud IAM avoids generating refresh tokens as much as possible, especially for service invocations where login sessions are unnecessary.

**Q: Where can I find more information about IBM Cloud Identity and Access Management?**
A: You can refer to the IBM Cloud Identity and Access Management resources for further information.

*Source: [IBM Cloud Identity and Access Management](https://www.ibm.com/cloud/identity-and-access-management)*


Share:

More in this category ...

11:58 am February 23, 2024

730K Investors Exit Despite Record $7B Inflows

Featured image for “730K Investors Exit Despite Record $7B Inflows”
10:49 am February 23, 2024

Tokenized Securities: Understanding the Impact on Traditional Financial Markets

7:08 am February 23, 2024

Enhance Your Technical Team’s Skills with Practical Technology Training

3:19 am February 23, 2024

Blockchain 101: An Essential Guide for Artists and Creators on Copyright Protection

3:05 am February 23, 2024

Binance Labs invests in EigenLayer restaking protocol Renzo

12:01 am February 23, 2024

Is Bitcoin’s Bullish Streak Sustainable?

Featured image for “Is Bitcoin’s Bullish Streak Sustainable?”
7:53 pm February 22, 2024

Paris Saint-Germain (PSG) Becomes First Football Club to Officially Validate a Blockchain

7:46 pm February 22, 2024

Innovations in Music Distribution: Understanding Decentralized Streaming Protocols

7:28 pm February 22, 2024

Operationalizing Ethical AI in Defense: A Holistic Approach

12:41 pm February 22, 2024

JasmyCoin rallies 295% as Bitcoin Dogs take the crypto stage by storm

12:14 pm February 22, 2024

The Future of Diamond Trading: Disrupting Traditional Channels with Blockchain

12:03 pm February 22, 2024

Apecoin Climbs To 6-Month High Amidst Whales’ Strategic Moves

Featured image for “Apecoin Climbs To 6-Month High Amidst Whales’ Strategic Moves”
7:50 am February 22, 2024

Polygon and StarkWare unveil Circle STARKs to streamline Zk Proofs

5:29 am February 22, 2024

Lido adds support for 1inch as withdrawal aggregator

4:44 am February 22, 2024

Unlocking the Value of Tokenized Data in Health Research and Analytics

12:05 am February 22, 2024

Is Ethereum Overvalued, Similar ‘To Meme Coins Like Shiba Inu’?

Featured image for “Is Ethereum Overvalued, Similar ‘To Meme Coins Like Shiba Inu’?”
10:17 pm February 21, 2024

Binance Introduces Portal (PORTAL) to Launchpool for Crypto Gaming

9:15 pm February 21, 2024

Smart Contracts and Blockchain: Transforming Sustainable Supply Chains

3:03 pm February 21, 2024

Brad Garlinghouse Optimistic about Ripple’s Future, Says Ripple Will Welcome XRP ETF

1:44 pm February 21, 2024

From Trust to Security: The Case for Decentralized Identity Management Systems

12:08 pm February 21, 2024

Render Token Surges 60% In a Month, Gains Traction with Investors

Featured image for “Render Token Surges 60% In a Month, Gains Traction with Investors”
8:29 am February 21, 2024

Climate change predictions: Anticipating and adapting to a warming world

7:51 am February 21, 2024

Starknet’s STRK sees volatile market debut following airdrop

6:14 am February 21, 2024

Securing the Food Supply: How Blockchain is Combating Counterfeit Products

12:39 am February 21, 2024

Analysts say $3k “a relatively small obstacle”

12:11 am February 21, 2024

Bitcoin Whales Steer Clear Of Significant Short Positions, Show Confidence In Price Surge

Featured image for “Bitcoin Whales Steer Clear Of Significant Short Positions, Show Confidence In Price Surge”
10:44 pm February 20, 2024

The Potential of Tokenized Derivatives: Unlocking New Opportunities for Investors

8:40 pm February 20, 2024

How IBM is using Real User Monitoring and DNS to deliver premium Global Server Load Balancing for business-critical applications 

5:27 pm February 20, 2024

Human Institute Teams Up with Polygon Labs and Animoca Brands to Introduce ZKP-Powered Palm Recognition Technology

3:16 pm February 20, 2024

The Future of E-Commerce: Unleashing the Potential of Blockchain Technology