In production, if the authorization server supports OpenID Connect (OIDC), you can perform remote validation instead of local validation. Opaque tokens must use remote validation. Non-opaque tokens may use remote validation to verify that a user is still active. The access token includes a unique client id. Adding an introspectionURI and a clientSecret property to the properties is required to support remote validation.

To configure remote validation, do the following:
  1. Edit the oeablSecurity.properties file.
  2. Set the oauth2 properties for remote validation.
    oauth2.opaqueToken.introspectionUri=http://hostname:port/introspect
    oauth2.opaqueToken.clientSecret=stringClientSecret
    Important: The token services validation set in the oauth2.resSvc.tokenServices property is overridden when a URI is specified. Use the genpassword utility to encrypt the stringClientSecret on production systems. This option is not available in OESECTOOL.
  3. Save the properties file.