Skip to main content


Showing posts from June, 2017

Creating Personal Access Tokens in ForgeRock AM

Personal Access Tokens (PAT's) are used to provide scoped self-managed access credentials that can be used to provide access to trusted systems and services that want to act on a users behalf, or access user data. Similar to OAuth tokens, they often don’t have an expiration and are used conceptually instead of passwords.  A PAT could be used in combination with a username when performing basic authentication. For example see the page within Github which allows scope-related tokens to be created for services to access your Github profile.  Here Github allows you to provide a token that can gain access to services and data stored on Github.  The token is used in conjunction with your username over basic authentication. PAT Creation The PAT can be an opaque string - perhaps a SHA256 hash.  Using a hash seems the most sensible approach to avoid collisions and create a fixed-length portable string.  A hash without a key of course wont provid