Colm O hEigeartaigh created CXF-7806:
----------------------------------------
Summary: Add option to create JWT access tokens without persisting
them
Key: CXF-7806
URL: https://issues.apache.org/jira/browse/CXF-7806
Project: CXF
Issue Type: Task
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.2.6
Right now for the OAuth 2.0 data provider, we can issue access tokens in JWT
format by specifying the "useJwtFormatForAccessTokens" property. However this
persists the encoded JWT token, something that is problematic with the JPA
provider as the Id column of the AccessToken class can't handle the size of the
token.
I propose to add a new property called "persistJwtEncoding" to be used in
conjunction with "useJwtFormatForAccessTokens". By default "persistJwtEncoding"
is true for backwards compatibility reasons.
When "persistJwtEncoding" is false, then the AccessToken that is persisted just
contains the Id (opaque String) as for the non-useJwtFormatForAccessTokens
case. However, the JWT-encoded access token is returned to the client.
For the AbstractAccessTokenValidator and the TokenIntrospectionService, we can
also set "persistJwtEncoding" to false to validate and parse the received token
into a JWTToken. The Id is then extracted from the token and used to retrieve
the access token from storage.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
