[
https://issues.apache.org/jira/browse/SYNCOPE-1420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16726658#comment-16726658
]
ASF subversion and git services commented on SYNCOPE-1420:
----------------------------------------------------------
Commit 10f5c397dcc40e98e09ef025fd6a3de92a30f2f4 in syncope's branch
refs/heads/master from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=10f5c39 ]
[SYNCOPE-1420] Replacing expired access tokens upon login
> Expired Access Tokens might impede successful authentication
> ------------------------------------------------------------
>
> Key: SYNCOPE-1420
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1420
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.11, 2.1.2
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Labels: jwt
> Fix For: 2.0.12, 2.1.3, 3.0.0
>
>
> The {{ExpiredAccessTokenCleanup}} task is set to run every 5 minutes by
> default: this timing can be reduced to 2 minutes, but not less - as any other
> job driven by Quartz.
> It could happen, then, that for a period of at least 2 minutes (5 by
> default), all authentication attempts will fail by any user which owns an
> expired, yet still not removed, Access Token.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
