Robert Munteanu created SLING-12975:
---------------------------------------
Summary: Refreshing OAuth access tokens can remove current refresh
token
Key: SLING-12975
URL: https://issues.apache.org/jira/browse/SLING-12975
Project: Sling
Issue Type: Improvement
Components: Authentication
Affects Versions: OAuth Client 0.1.2
Reporter: Robert Munteanu
Assignee: Robert Munteanu
Fix For: OAuth Client 0.1.4
The {{OAuthTokenRefresherImpl}} uses the current refresh token and hands back
the results of posting that to the token endpoint. Afterwards it returns the
response, which is directly persisted by the {{TokenAccessImpl}} using the
configured {{OAuthTokenStore}}.
The {{TokenAccessImpl}} should have additional logic to pass in the existing
refresh token if the {{OAuthTokenRefresherImpl}} does not return a new refresh
token.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
