Thank you for your answer.

I have a bit of a concern about making the refresh tokens never expire, 
since that would increase the possibility of intercepting the refresh token.
I'll have a poke at the code and see if I can possibly make a new flag in 
the properties that users can set, and then make a pull request.

Regards
Anders Olsen

On Thursday, February 1, 2018 at 14:48:02 UTC+1, Misagh Moayyed wrote:
>
> There isn't, but you can design an expiration policy for the relevant 
> tokens so they don't ever expire.
>
> --Misagh
>
> ------------------------------
>
> *From: *"Anders Olsen" <anders...@dof.dk>
> *To: *cas-...@apereo.org
> *Sent: *Thursday, February 1, 2018 4:06:54 AM
> *Subject: *[cas-user] [OAuth2] Generate new refresh token when using a 
> previous refresh-token
>
> Hi everyone!
>
>  
>
> I am currently working on setting up CAS as the new SSO solution for our 
> website.
>
> In addition to a traditional website, we also have native apps for Android 
> and (soon) iOS that use OAuth2 to authenticate as they need to have 
> offline capability and thus cannot use a regular session.
>
>  
>
> I have got most of the OAuth2 functionality to work, using this service 
> definition:
>
>  
>
> {
>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "XXX",
>   "clientSecret": "XXXXX",
>   "generateRefreshToken" : true,
>   "jsonFormat" : true,
>   "supported_grants" : ["password", "refresh_token"],
>   "name" : "OAuth2 (Android)",
>   "id" : 201801311512
> }
>
> (Client ID and Secret have been obfuscated.)
>
>  
>
> This also works fine to gain access tokens:
>
> Using password:
>
> {
>     "access_token": "AT-1-82jDv1D3pkvex5C1UYjKreBdhhw5omzc",
>     "token_type": "bearer",
>     "expires_in": 28800,
>     "refresh_token": "RT-1-so451CeJyePgl2RmXnefODw0nV9jTAgX"
> }
>
> Using refresh token:
>
> {
>     "access_token": "AT-2-7a6-eLsKlX9-jyYynqFjTqsneLE8WnlN",
>     "token_type": "bearer",
>     "expires_in": 28800
> }
>
>  
>
> However, this means that when the refresh token expires, the user is 
> totally shut out of CAS and has to re-login with his credentials.
>
> I would like for the user to never have to log in again after logging in 
> the first time.
>
>  
>
> Our previous OAuth2 server is based on 
> http://bshaffer.github.io/oauth2-server-php-docs/ and one of the settings 
> there, under 
> http://bshaffer.github.io/oauth2-server-php-docs/grant-types/refresh-token/  
> is a flag “always_issue_new_refresh_token” which is default false but can 
> be set to true to give the user a new refresh token whenever the previous 
> refresh token is used for creating a new access token.
>
>  
>
> Is there a setting or configuration in CAS that will enable the same 
> behavior?
>
>  
>
> Thank you for your time.
>
>  
>
>  
>
> Regards,
>
> *Anders Olsen*
>
> Software Developer
>
>     
>
> Tel +45 3328 3800
>
> DOF / Birdlife Denmark | Vesterbrogade 140 | 1620 København V | www.dof.dk 
>
>  
>
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B91F9D1-39B8-4549-9AE7-5C4A4E946AF2%40dof.dk.
>
>
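
Added example, not part of the original thread and not CAS or oauth2-server-php code: a minimal in-memory sketch of the behaviour discussed above, where each refresh grant issues a new refresh token, combined with reuse detection so that a replayed (for instance intercepted) token revokes its whole token family. The class name `RotatingRefreshStore`, the `idle_ttl` parameter and the token format are assumptions made for illustration.

```python
import secrets
import time


class RotatingRefreshStore:
    """Hypothetical store: refresh-token rotation with reuse detection."""

    def __init__(self, idle_ttl=14 * 86400, clock=time.time):
        self.idle_ttl = idle_ttl   # seconds a refresh token may sit unused
        self.clock = clock         # injectable so expiry can be tested
        self.tokens = {}           # token -> {"family", "user", "expires", "used"}
        self.revoked = set()       # family ids revoked after detected reuse

    def _mint(self, family, user):
        token = "RT-" + secrets.token_urlsafe(24)
        self.tokens[token] = {"family": family, "user": user,
                              "expires": self.clock() + self.idle_ttl,
                              "used": False}
        return token

    def login(self, user):
        """Password grant: start a new token family for this login."""
        return self._mint(secrets.token_hex(8), user)

    def refresh(self, token):
        """Refresh grant: return (access_token, new_refresh_token) or raise."""
        rec = self.tokens.get(token)
        if rec is None or rec["family"] in self.revoked:
            raise PermissionError("invalid_grant")
        if rec["used"]:
            # A rotated-out token was presented again: two parties hold
            # tokens from this family, so revoke all of its descendants.
            self.revoked.add(rec["family"])
            raise PermissionError("invalid_grant: reuse detected")
        if self.clock() >= rec["expires"]:
            raise PermissionError("invalid_grant: expired")
        rec["used"] = True  # single use; the successor replaces it
        access = "AT-" + secrets.token_urlsafe(24)
        return access, self._mint(rec["family"], rec["user"])
```

A client that refreshes at least once per `idle_ttl` never has to log in again, while each individual refresh token stays short-lived and single-use.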
