This documentation is for WSO2 Identity Server 5.6.0 . View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Identity Server (WSO2 IS) allows you to enable OAuth2 token hashing to protect OAuth2 access tokens, refresh tokens, consumer secrets, and authorization codes.



  • Token hashing is only required if there are long lived tokens.
  • If you want to enable this feature, WSO2 recommends using a fresh WSO2 Identity Server distribution.
    To use this feature with an existing database, you may need to perform data migration before you enable the feature. If you have to perform data migration before you enable this feature Contact us.

Follow the instructions below to set up OAuth token hashing: