[ https://issues.apache.org/jira/browse/CXF-7806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-7806:
-------------------------------------
    Attachment: CXF-7806-RT-3.1.patch

> Add option to create JWT access tokens without persisting them
> --------------------------------------------------------------
>
>                 Key: CXF-7806
>                 URL: https://issues.apache.org/jira/browse/CXF-7806
>             Project: CXF
>          Issue Type: Task
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>         Attachments: CXF-7806-RT-3.1.patch, CXF-7806-RT.patch, 
> CXF-7806-systests.patch
>
>
> Right now for the OAuth 2.0 data provider, we can issue access tokens in JWT 
> format by specifying the "useJwtFormatForAccessTokens" property. However this 
> persists the encoded JWT token, something that is problematic with the JPA 
> provider as the Id column of the AccessToken class can't handle the size of 
> the token.
> I propose to add a new property called "persistJwtEncoding" to be used in 
> conjunction with "useJwtFormatForAccessTokens". By default 
> "persistJwtEncoding" is true for backwards compatibility reasons.
> When "persistJwtEncoding" is false, then the AccessToken that is persisted 
> just contains the Id (opaque String) as for the 
> non-useJwtFormatForAccessTokens case. However, the JWT-encoded access token 
> is returned to the client.
> For the AbstractAccessTokenValidator and the TokenIntrospectionService, we 
> can also set "persistJwtEncoding" to false to validate and parse the received 
> token into a JWTToken. The Id is then extracted from the token and used to 
> retrieve the access token from storage.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
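
The flow the issue description proposes for "persistJwtEncoding" set to false, modelled as an added example (not CXF code and not part of the attached patches): only the opaque Id is stored, the client receives the JWT, and validation verifies the JWT before using its Id to load the stored token. It assumes an HS256 key, an in-memory dict in place of the JPA store, and that the Id travels in the "jti" claim; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)   # constructed HS256 signing key for this demo
STORE = {}                      # stands in for the JPA table: opaque id -> record

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(subject: str, lifetime: int = 3600) -> str:
    """Persist only a short opaque id; hand the JWT encoding to the client."""
    token_id = secrets.token_hex(16)
    expires = int(time.time()) + lifetime
    STORE[token_id] = {"sub": subject, "exp": expires}  # short key, no JWT stored
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64(json.dumps(
        {"jti": token_id, "sub": subject, "exp": expires}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{sign(signing_input)}"

def validate(jwt: str):
    """Verify the JWT first, then use its id to load the persisted record."""
    try:
        header, claims, signature = jwt.split(".")
        if json.loads(unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(signature, sign(f"{header}.{claims}")):
            return None  # an unverified id must never reach the store lookup
        token_id = json.loads(unb64(claims))["jti"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None      # malformed token
    record = STORE.get(token_id)  # a miss means revoked or never issued
    if record is None or record["exp"] < time.time():
        return None
    return record

def revoke(jwt: str) -> bool:
    """Deleting the stored record invalidates the JWT the client still holds."""
    record = validate(jwt)
    if record is None:
        return False
    STORE.pop(json.loads(unb64(jwt.split(".")[1]))["jti"])
    return True
```

Because the stored record stays authoritative, a signed and unexpired JWT stops validating as soon as its Id is deleted from storage.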
