[mitreid-connect] Storage of Tokens in DB [I]
Chris Hutton
chris.hutton at callsign.com
Tue Dec 13 06:03:50 EST 2016
It seems that you could can pass a JTI or hashed value into the
DefaultOAuth2ProviderTokenService (OAuth2TokenEntityService) before it
calls the JpaOAuth2TokenRepository (OAuth2TokenRepository).
There are a couple of methods to watch out for:
- OAuth2TokenRepository#getAccessTokenByValue
- OAuth2TokenRepository#getRefreshTokenByValue
With both these methods in my proposed solution, the parameter would
become the hashed value or JTI.
There are a number of methods in the /tokens api that expose the token
object for example TokenAPI#getAccessTokenById using
m.put(JsonEntityView.ENTITY, token); however I don't think external API
clients use the token value.
--
Chris Hutton
Head of Development
Callsign Inc.
[C] chris <https://get.callsign.com/chris>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20161213/7882ae1f/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20161213/7882ae1f/attachment-0001.bin
More information about the mitreid-connect
mailing list