<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body bgcolor="white" lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p><span style="font-size:10.0pt;font-family:"Arial Unicode MS",sans-serif">Classification:
<b>For internal use only</b></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Ahh, got it :)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I guess it can be related to
<a href="https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/55">
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/55</a> as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt;text-autospace:none"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Beste Grüße / Kind regards,<br>
Dominik Schmich</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><a name="_____replyseparator"></a><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
Chris Hutton [mailto:chris.hutton@callsign.com] <br>
<b>Sent:</b> Tuesday, 13 December 2016 12:17<br>
<b>To:</b> Dominik Schmich &lt;dominik.schmich@db.com&gt;<br>
<b>Cc:</b> jricher@mit.edu; mitreid-connect@mit.edu<br>
<b>Subject:</b> Re: [mitreid-connect] Storage of Tokens in DB [I]<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Dominik,<br>
<br>
It was more of a theoretical solution rather than a branch on GitHub. We have implemented our own OAuth2TokenRepository and this seems to be one level higher up the code calling stack.<br>
<br>
Dominik Schmich wrote:<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Chris,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">can you point me to "your proposed solution"? I didn’t find it :)</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;text-autospace:none"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Beste Grüße / Kind regards,<br>
Dominik Schmich</span><o:p></o:p></p>
</div>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Chris Hutton [<a href="mailto:chris.hutton@callsign.com">mailto:chris.hutton@callsign.com</a>]
<br>
<b>Sent:</b> Tuesday, 13 December 2016 12:04<br>
<b>To:</b> Dominik Schmich <a href="mailto:dominik.schmich@db.com">&lt;dominik.schmich@db.com&gt;</a><br>
<b>Cc:</b> <a href="mailto:jricher@mit.edu">jricher@mit.edu</a>; <a href="mailto:mitreid-connect@mit.edu">
mitreid-connect@mit.edu</a><br>
<b>Subject:</b> Re: [mitreid-connect] Storage of Tokens in DB [I]</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">It seems that you could pass a JTI or hashed value into the DefaultOAuth2ProviderTokenService (OAuth2TokenEntityService) before it calls the JpaOAuth2TokenRepository (OAuth2TokenRepository).
<br>
<br>
There are a couple of methods to watch out for:<br>
- OAuth2TokenRepository#getAccessTokenByValue<br>
- OAuth2TokenRepository#getRefreshTokenByValue<br>
With both these methods in my proposed solution, the parameter would become the hashed value or JTI.<br>
<br>
There are a number of methods in the /tokens API that expose the token object, for example TokenAPI#getAccessTokenById using m.put(JsonEntityView.ENTITY, token); however, I don't think external API clients use the token value.<o:p></o:p></p>
<div>
<p class="MsoNormal">-- <br>
Chris Hutton <o:p></o:p></p>
<div>
<p class="MsoNormal">Head of Development<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Callsign Inc.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[C] <a href="https://get.callsign.com/chris">chris</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
--------------------------------------------------------------- This message<br>
was pgp signed but couldn't be verified successfully. Typically this is caused<br>
because Deutsche Bank hasn't yet trusted the PGP key of the sender.<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">-- <br>
Chris Hutton <o:p></o:p></p>
<div>
<p class="MsoNormal">Head of Development<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Callsign Inc.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[C] <a href="https://get.callsign.com/chris">chris</a><o:p></o:p></p>
</div>
</div>
</div>
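<p>The idea discussed in this thread, hashing the token value before it reaches the repository so that "get by value" lookups take the digest, shown as an added example; it is not code from the thread or from MITREid Connect. <code>HashedTokenStore</code>, its methods and the sample token are hypothetical, and an in-memory map stands in for the token table.</p>

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical stand-in for a token repository; not MITREid Connect's interface.
public class HashedTokenStore {
    // Simulates the token table: the key column holds the digest, never the raw value.
    private final Map<String, String> clientIdByTokenHash = new HashMap<>();

    // Unsalted SHA-256 is adequate here only because bearer tokens are long
    // random strings; it is not a substitute for a password hash.
    static String hash(String tokenValue) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(tokenValue.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every JRE must provide SHA-256
        }
    }

    // The service layer hashes before the repository call, so storage sees only the digest.
    void save(String tokenValue, String clientId) {
        clientIdByTokenHash.put(hash(tokenValue), clientId);
    }

    // Counterpart of a "get token by value" lookup: the presented value is hashed first.
    Optional<String> findClientByTokenValue(String presentedValue) {
        return Optional.ofNullable(clientIdByTokenHash.get(hash(presentedValue)));
    }

    public static void main(String[] args) {
        HashedTokenStore store = new HashedTokenStore();
        String issued = "constructed-sample-token-3f9a7c"; // constructed sample value
        store.save(issued, "client-a");
        // Look up the issued token, then a value that was never issued.
        System.out.println(store.findClientByTokenValue(issued));
        System.out.println(store.findClientByTokenValue("never-issued"));
        // A stored digest presented as a token is hashed again and does not resolve.
        System.out.println(store.findClientByTokenValue(hash(issued)));
    }
}
```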
</body>
</html>