Apart from the above, "triggerPostRevokeListeners" method invocation is happening inside the loop sending the whole "AccessTokenDO" always [1].
So if the "AccessTokenDO" set has "n" number of objects, "triggerPostRevokeListeners" method invocation is happening "n" times and in each time, an array of "n" number of tokens is passed to the method.

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.5.178/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java#L706

Thanks,

On Wed, Jan 17, 2018 at 10:50 AM, Hasanthi Purnima Dissanayake <[email protected]> wrote:

> Hi All,
>
> In the method [1] which is used to revoke access tokens by resource owners, it iterates all ACTIVE or EXPIRED access tokens for the particular client authorized by the user.
>
> // retrieve all ACTIVE or EXPIRED access tokens for particular client authorized by this user
> Set<AccessTokenDO> accessTokenDOs = OAuthTokenPersistenceFactory.getInstance()
>         .getAccessTokenDAO().getAccessTokens(appDTO.getOauthConsumerKey(), user, userStoreDomain, true);
>
> Inside the foreach the auth cache is cleared for the tokens one by one which are fetched from the accessTokenDOs.
>
> for (AccessTokenDO accessTokenDO : accessTokenDOs) {
>     ...
>     OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
>
>     // retrieve latest access token for particular client, user and scope combination if its ACTIVE or EXPIRED
>     scopedToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().
>             getLatestAccessToken(appDTO.getOauthConsumerKey(), user, userStoreDomain,
>                     OAuth2Util.buildScopeString(accessTokenDO.getScope()), true);
>     ....
>     //Revoking token from database
>     OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
>             .revokeAccessTokens(new String[]{scopedToken.getAccessToken()});
>
>     ...
> }
>
> Then inside the for each itself it retrieves the latest access token for the particular client, user and for the particular scope if the token is ACTIVE or EXPIRED. This token is revoked from the db inside the for each.
>
> I have two questions here.
>
> 1. We clear the auth cache based on the access token which is fetched from accessTokensDo and revoke the scopedToken from the db which can be different.
>
> 2. As there are multiple db calls happening here, can't we move the logic of revoking token from db to outside of the for each as the DAO method supports batch operations.
>
> Highly appreciate your feedback on this.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java#L627
>
> Thanks.
>
> --
> Hasanthi Dissanayake
> Senior Software Engineer | WSO2
> E: [email protected]
> M: 0718407133 | http://wso2.com

--
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/
Email: [email protected]
Mobile: +94718990591
Blog: https://madurangasiriwardena.wordpress.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
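The loop shape discussed in this thread, as an added example that is not part of either message and is not WSO2 code: a self-contained Java model comparing per-iteration revocation with a batched variant. `Token`, `FakeStore`, `latestForScope` and the batched restructuring are hypothetical stand-ins and assumptions, and the token data is constructed.

```java
import java.util.*;

// Simplified model; Token, FakeStore and their methods are hypothetical stand-ins, not WSO2 classes.
public class RevokeLoopDemo {
    record Token(String id, String scope, long issued) {}

    static class FakeStore {
        final Set<String> cache = new HashSet<>(), revoked = new HashSet<>();
        int dbCalls = 0, listenerCalls = 0, tokensSentToListeners = 0;
        void revoke(String... ids) { dbCalls++; revoked.addAll(Arrays.asList(ids)); }
        void postRevoke(Collection<Token> all) { listenerCalls++; tokensSentToListeners += all.size(); }
    }

    static Token latestForScope(List<Token> tokens, String scope) {
        return tokens.stream().filter(t -> t.scope().equals(scope))
                .max(Comparator.comparingLong(Token::issued)).orElseThrow();
    }

    // Pattern described in the thread: per-token cache clear, scoped lookup, revoke and listener call.
    static FakeStore perIteration(List<Token> tokens) {
        FakeStore s = new FakeStore();
        tokens.forEach(t -> s.cache.add(t.id()));
        for (Token t : tokens) {
            s.cache.remove(t.id());                       // cache keyed by the iterated token
            Token scoped = latestForScope(tokens, t.scope());
            s.revoke(scoped.id());                        // DB revoke keyed by the scoped token
            s.postRevoke(tokens);                         // whole set passed on every iteration
        }
        return s;
    }

    // Batched variant (an assumption): the same ids drive cache eviction and revocation; one DB call, one listener call.
    static FakeStore batched(List<Token> tokens) {
        FakeStore s = new FakeStore();
        tokens.forEach(t -> s.cache.add(t.id()));
        String[] ids = tokens.stream().map(Token::id).toArray(String[]::new);
        for (String id : ids) s.cache.remove(id);
        s.revoke(ids);
        s.postRevoke(tokens);
        return s;
    }

    public static void main(String[] args) {
        // Constructed sample: t1 (older) and t2 (newer) share a scope; t3 has its own.
        List<Token> tokens = List.of(new Token("t1", "openid", 100),
                new Token("t2", "openid", 200), new Token("t3", "email", 150));
        for (FakeStore s : List.of(perIteration(tokens), batched(tokens)))
            System.out.printf("dbCalls=%d listenerCalls=%d tokensSent=%d revoked=%s%n",
                    s.dbCalls, s.listenerCalls, s.tokensSentToListeners, new TreeSet<>(s.revoked));
    }
}
```

In this model the per-iteration run evicts `t1` from the cache without ever revoking it in the store, because the scoped lookup resolves to `t2` on both iterations, and the listener receives n tokens on each of n calls.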
