Hi Ghislain

On 03/10/12 16:21, gbmamat wrote:

Hi Sergey,

Thank you for your answer. I think it is indispensable to persist the following data:
- Client: this table can be customized and adapted depending on the customer data model
- ServerAccessToken
- OAuthPermission
- User
- Role

These data are not temporary. Indeed, if they are not persisted, they will be lost after a reboot of the OAuth2 server; plus, you cannot update this data (e.g. adding a new scope, adding a dynamic client, ...) without reloading the OAuth2 server.
Sure, I was really referring to the info which captures the agreement from the user (effectively a grant), the storage of which can be optimized. That really depends on the application: if it is important that a user grant survives the restart then it has to be persisted; otherwise, perhaps it makes sense to get a client to re-authorize if it waited too long before attempting to exchange a grant for a token. Too long a period might indicate a security concern...
Sergey
What do you think?

Regards,
Ghislain

--
View this message in context: http://cxf.547215.n5.nabble.com/Using-Database-to-store-OAuth2-0-server-informations-tp5715521p5715540.html
Sent from the cxf-user mailing list archive at Nabble.com.

--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
