[mitreid-connect] Storage of Tokens in DB [I]

Chris Hutton chris.hutton at callsign.com
Tue Dec 13 06:16:36 EST 2016


Hi Dominik,

It was more of a theoretical solution rather than a branch on GitHub. We
have implemented our own OAuth2TokenRepository and this seems to be one
level higher up the code calling stack.

Dominik Schmich wrote:
>
> Classification: *For internal use only*
>
> Hi Chris,
>
> can you point me to "your proposed solution"? I didn't find it :)
>
> Kind regards,
> Dominik Schmich
>
> *From:* Chris Hutton [mailto:chris.hutton at callsign.com]
> *Sent:* Tuesday, 13 December 2016 12:04
> *To:* Dominik Schmich <dominik.schmich at db.com>
> *Cc:* jricher at mit.edu; mitreid-connect at mit.edu
> *Subject:* Re: [mitreid-connect] Storage of Tokens in DB [I]
>
> It seems that you could pass a JTI or hashed value into the
> DefaultOAuth2ProviderTokenService (OAuth2TokenEntityService) before it
> calls the JpaOAuth2TokenRepository (OAuth2TokenRepository).
>
> There are a couple of methods to watch out for:
> - OAuth2TokenRepository#getAccessTokenByValue
> - OAuth2TokenRepository#getRefreshTokenByValue
> With both these methods in my proposed solution, the parameter would
> become the hashed value or JTI.
>
> There are a number of methods in the /tokens API that expose the token
> object, for example TokenAPI#getAccessTokenById using
> m.put(JsonEntityView.ENTITY, token); however, I don't think external
> API clients use the token value.
>
> -- 
> Chris Hutton
>
> Head of Development
>
> Callsign Inc.
>
> [C] chris <https://get.callsign.com/chris>

-- 
Chris Hutton
Head of Development
Callsign Inc.
[C] chris <https://get.callsign.com/chris>
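
The approach discussed in this thread, hashing the token value in the service layer before the repository lookup, as an added example that is not part of the original message and is not MITREid Connect code. `TokenService`, `InMemoryTokenRepository` and `StoredToken` are hypothetical stand-ins; only the method name `getAccessTokenByValue` comes from the thread, and token values are assumed to be high-entropy random strings (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added illustration with hypothetical names; not MITREid Connect classes.
public class HashedTokenStoreExample {
    // Stand-in for a DB row: holds the digest and metadata, never the token value.
    record StoredToken(String valueHash, String clientId, long expiresAtEpochSec) {}

    // Stand-in for the repository; the "value" parameter is now the digest.
    static class InMemoryTokenRepository {
        private final Map<String, StoredToken> rows = new HashMap<>();
        void save(StoredToken t) { rows.put(t.valueHash(), t); }
        Optional<StoredToken> getAccessTokenByValue(String hashedValue) {
            return Optional.ofNullable(rows.get(hashedValue));
        }
    }

    // Service layer: the only place that handles the raw token value.
    static class TokenService {
        private final InMemoryTokenRepository repo = new InMemoryTokenRepository();

        // Unsalted digest so it can serve as an indexed lookup key; this relies
        // on the assumption that token values are random and high-entropy.
        static String sha256(String tokenValue) {
            try {
                byte[] digest = MessageDigest.getInstance("SHA-256")
                        .digest(tokenValue.getBytes(StandardCharsets.UTF_8));
                return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        void store(String tokenValue, String clientId, long expiresAtEpochSec) {
            repo.save(new StoredToken(sha256(tokenValue), clientId, expiresAtEpochSec));
        }
        Optional<StoredToken> readAccessToken(String presentedValue, long nowEpochSec) {
            return repo.getAccessTokenByValue(sha256(presentedValue))
                    .filter(t -> t.expiresAtEpochSec() > nowEpochSec);
        }
    }

    public static void main(String[] args) {
        TokenService svc = new TokenService();
        String token = "constructed-sample-token-value"; // constructed sample input
        svc.store(token, "client-a", 2_000_000_000L);
        System.out.println(svc.readAccessToken(token, 1_700_000_000L).isPresent());
        System.out.println(svc.readAccessToken(token + "x", 1_700_000_000L).isPresent());
    }
}
```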