[ 
https://issues.apache.org/jira/browse/SLING-8869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mohit Arora updated SLING-8869:
-------------------------------
    Description: 
While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} 
map, it is not expected that the secret associated with the executor could be 
expired. This can happen in case of access token based implementations where 
the token is expired after a certain period of time and has to be refreshed.

The code to refresh the token is written in the secret provider but since the 
executor is [cached in the map|#L208]] the secrets are not refreshed. It works 
fine for credentials based secret provider but not for access token based.

cc - [~marett]

  was:
While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} 
map, it is not expected that the secret associated with the executor could be 
expired. This can happen in case of access token based implementations where 
the token is expired after a certain period of time and has to be refreshed.

The code to refresh the token is written in the secret provider but since the 
executor is [cached in the map|#L208]] the secrets are not refreshed. It works 
fine for credentials based secret provider but not for access token based.

 

cc - [~marett]


> SimpleHttpDistributionTransport does not refresh the secret for token based 
> implementations.
> --------------------------------------------------------------------------------------------
>
>                 Key: SLING-8869
>                 URL: https://issues.apache.org/jira/browse/SLING-8869
>             Project: Sling
>          Issue Type: Bug
>          Components: Content Distribution
>            Reporter: Mohit Arora
>            Priority: Critical
>             Fix For: Content Distribution Core 0.4.2
>
>         Attachments: SLING-8869.patch
>
>
> While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} 
> map, it is not expected that the secret associated with the executor could be 
> expired. This can happen in case of access token based implementations where 
> the token is expired after a certain period of time and has to be refreshed.
> The code to refresh the token is written in the secret provider but since the 
> executor is [cached in the map|#L208]] the secrets are not refreshed. It 
> works fine for credentials based secret provider but not for access token 
> based.
> cc - [~marett]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to