--- title: Token storage description: Advanced Identity Cloud OAuth 2.0-related services are stateless unless otherwise indicated. This means that no OAuth 2.0/OIDC token information is stored in your Advanced Identity Cloud tenant. Instead, tokens are stored in the core token service (CTS) token store (server-side), or presented to the client application (client-side). component: pingoneaic page_id: pingoneaic:am-oauth2:token-storage canonical_url: https://docs.pingidentity.com/pingoneaic/am-oauth2/token-storage.html keywords: ["OAuth 2.0", "Storage", "Setup & Configuration"] page_aliases: ["am-auth2:stateless-stateful-tokens.adoc"] section_ids: configure-token-storage: Configure token storage --- # Token storage Advanced Identity Cloud OAuth 2.0-related services are *stateless* unless otherwise indicated. This means that no OAuth 2.0/OIDC token information is stored in your Advanced Identity Cloud tenant. Instead, tokens are stored in the core token service (CTS) token store (*server-side*), or presented to the client application (*client-side*). Both client-side and server-side token storage support all of Advanced Identity Cloud's OAuth 2.0 features. ## Configure token storage By default, OAuth 2.0 tokens are configured for [client-side](client-side-tokens.html) storage. You can update the token storage location to [server-side](server-side-tokens.html) under Native Consoles > Access Management. 1. Choose one of the following options: 1. To configure token storage for *all* client applications, go to Realms > *Realm Name* > Services > OAuth2 Provider. 2. To override OAuth 2.0 provider settings per client, go to Realms > *Realm Name* > Applications > OAuth 2.0 > Clients > *Client ID* > OAuth2 Provider Overrides. | | | | - | ----------------------------------------------------------------------- | | | You must set Enable OAuth2 Provider Overrides for the setting to apply. | 2. Disable Use Client-Side Access & Refresh Tokens. 3. Save your changes.