Skip to main content

User tokens

This Token Store is conceptually different. It may be accessed both with Management API Client permissions, or with signed-in user account permissions. These tokens are private to the user account. Unlike Management API Client private tokens, these tokens may be shared between applications and services. To do that, ACLs must be defined. Se here for more information.

https://oneportal.t5.fi/apidoc lists the API end-points under /user/{userID}/token.

Basics

User tokens are access controlled key-value pairs, that are tied to user accounts. The value can be any string or even JSON if it is escaped and presented as a string. Tokens can also be used to store small files as base64 formatted strings.

User tokens can be queried by user id and single tokens can be queried by user id and token key. As with any other external application specific data persistence methods, the value of the token is not used internally by TIS in any way. The value is only meaningful to external applications.

As the user tokens are access controlled, they are a good place to save application specific information on the user’s roles and permissions. In this case the token should only be readable and writeable by the Management API Client in charge of access control resolving.

Limitations

  • The size limit for a single user token is 16MB, including metadata. It should be kept in mind, however, that having lots of tokens with large values may eventually lead to performance issues when querying large amount of tokens.

  • After the user, that the token refers to is deleted, the tokens may not be available any more. Before permanently deleting user accounts, it should be ensured that the user does not have any important information in their tokens.