Configure remote validation
- Last Updated: June 16, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
In production, if the authorization server supports OpenID Connect (OIDC), you can perform
remote validation instead of local validation. Opaque tokens must use remote validation.
Non-opaque tokens may use remote validation to verify that a user is still active. The
access token includes a unique client id. Adding an introspectionURI
and a clientSecret property to the properties is required to support
remote validation.
- Edit the
oeablSecurity.propertiesfile. - Set the
oauth2properties for remote validation.oauth2.opaqueToken.introspectionUri=http://hostname:port/introspect oauth2.opaqueToken.clientSecret=stringClientSecretImportant: The token services validation set in theoauth2.resSvc.tokenServicesproperty is overridden when a URI is specified. Use thegenpasswordutility to encrypt the stringClientSecret on production systems. This option is not available in OESECTOOL. - Save the properties file.