Hello,

We're trying to implement a special case behavior in CAS 5 concerning 
OAuth. When a user authenticates, a TGT, refresh token, and access token 
are generated. By default, when the TGT expires, the refresh token and 
access token are also removed (lambda defined by 
CasCoreLogoutConfiguration::configureLogoutExecutionPlan). We'd like to 
special case one of our services and change this behavior so that when a 
TGT expires the refresh token and access token remain. This is because our 
service expects a very long lifetime for the refresh token and currently 
doesn't reprompt for authentication if the refresh token is invalid. We 
don't want to increase the lifetime of all TGTs (via 
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds) because that would affect 
other services and is too broad.

Is there a recommended approach for implementing this behavior? It looks 
like overriding the logoutExecutionPlan bean is one potential approach. Has 
anyone tried overriding logoutExecutionPlan or DefaultLogoutManager?

Or, if there is another approach that better fits what we're trying to 
achieve, please do share. We aren't concerned with the SSO aspect of CAS 
for this particular service; we just want a long-lasting refresh token that 
isn't governed by a parent TGT.

Interested in any direction or help the community can provide.

Thanks,
Caleb
