[
https://issues.apache.org/jira/browse/CXF-6692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15411801#comment-15411801
]
Sergey Beryozkin commented on CXF-6692:
---------------------------------------
It should be configurable how to represent a token, for example, by default it
is a binary value pointing to DB and the RS filters need to call the
introspection service. Token in a JWS or JWE format becomes much more verbose
- though RS may choose to validate it locally
> Update AbstractOAuthDataProvider to support JWT access tokens
> -------------------------------------------------------------
>
> Key: CXF-6692
> URL: https://issues.apache.org/jira/browse/CXF-6692
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 3.2.0, 3.1.8
>
>
> CXF already ships DefaultEncryptingOAuthProvider which can be used by the
> servers to avoid storing the OAuth2 model, it uses a custom seriallization
> format. It makes sense to offer a provider which uses a JWT token as a
> properties container before encrypting it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
