[mitreid-connect] ODIC client - refresh token question
Justin Richer
jricher at mit.edu
Mon May 11 11:15:32 EDT 2015
Handling token refresh and storing tokens is entirely up to your application, the library doesn’t do any of that for you. The client library does give you the “OIDCAuthenticationToken” object, which will give you all the token values as strings so you can store or use them elsewhere.
Note that refreshing the access token does not log the user in again — it happens in the background and the user could have long since left. But if what you’re after is accessing background services when the user’s no longer present (i.e., the typical OAuth case), then this makes sense.
— Justin
> On May 11, 2015, at 10:00 AM, Iván Perdomo <ivan at akvo.org> wrote:
>
>
> Hi all,
>
> I'm trying to secure a web application, using the "simple web app" example.
>
> I see that `openid-connect-client` client has the
> OIDCAuthenticationFilter which takes care of the authentication process
> (I managed to configure the client, etc).
>
> Once the user is logged in, is there something that takes care of
> refreshing the access token? Or is something I should implement myself?
>
> Thanks for your work.
>
> --
> Iván
>
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150511/58830163/attachment.bin
More information about the mitreid-connect
mailing list