No support of token refresh for encapsulated token



  • AEM 6.x.x
  • AEM as a cloud service

No support for token refresh for encapsulated token.


An encapsulated token is a self-contained token which has a fixed expiration time depending on what what is set in the OSGI TokenConfiguration as in 1. So if the encapsulated token is enabled as shown in 2, the login session will expire after token Expiration time has run out - even if a token refresh has been enabled as shown in 1.

For example if token expiration set is 360000ms as in 1, the session will expire in 1 hour, the user will have to re-login after 1 hour.

To learn more about encapsulated tokens, please click here

The following Token Refresh flag on Oak TokenConfiguration 1 works alright with sticky sessions. If you have enabled encapsulated token as in 2, you will have to make sure you have enough expiration time set because token refresh is not supported with encapsulated token.

1 Apache Jackrabbit Oak TokenConfiguration


2 Token Authentication Handler - Encapsulated token


On this page