Remove OAuth2AuthenticationToken.AccessToken #4522
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
An AccessToken lives longer than an Authentication. For example, a user's authenticated session may last for an hour, whereas the AccessToken associated with the user and AuthorizedClient may last a day.

We should remove this association and start leveraging SecurityTokenRepository<AccessToken> when the AuthorizedClient needs the AccessToken to make a protected resource call.
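
The decoupling proposed above, as an added example that is not Spring Security's code and not from the issue author: the types `UserAuthentication` and `InMemoryTokenStore`, the registration id and the token value are hypothetical, and the one-hour session and one-day token lifetimes follow the issue's example.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical types for illustration; these are not Spring Security classes.
public class TokenLifetimeDemo {
    record AccessToken(String value, Instant expiresAt) {
        boolean isExpired(Instant now) { return !now.isBefore(expiresAt); }
    }

    // Stands in for the session-scoped Authentication: it carries no token.
    record UserAuthentication(String principalName, Instant sessionExpiresAt) {}

    // Token store keyed by (client registration id, principal name), so a
    // token's lifetime is independent of any one authenticated session.
    static class InMemoryTokenStore {
        private final Map<String, AccessToken> tokens = new ConcurrentHashMap<>();

        private static String key(String reg, String user) { return reg + "\n" + user; }

        void save(String reg, String user, AccessToken token) { tokens.put(key(reg, user), token); }

        // Returns the token only while it is still valid; expired entries are evicted.
        Optional<AccessToken> load(String reg, String user, Instant now) {
            String k = key(reg, user);
            AccessToken token = tokens.get(k);
            if (token != null && token.isExpired(now)) {
                tokens.remove(k, token);
                return Optional.empty();
            }
            return Optional.ofNullable(token);
        }
    }

    public static void main(String[] args) {
        Instant login = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
        InMemoryTokenStore store = new InMemoryTokenStore();
        UserAuthentication first = new UserAuthentication("alice", login.plus(Duration.ofHours(1)));
        store.save("sample-client", first.principalName(),
                new AccessToken("opaque-sample-token", login.plus(Duration.ofDays(1))));
        // Two hours later the first session has ended; a new session for the same
        // principal still finds the token, because it was never tied to the session.
        Instant later = login.plus(Duration.ofHours(2));
        UserAuthentication second = new UserAuthentication("alice", later.plus(Duration.ofHours(1)));
        System.out.println(store.load("sample-client", second.principalName(), later).isPresent());
        // Past the token's own expiry, the store evicts it and returns nothing.
        System.out.println(store.load("sample-client", "alice", login.plus(Duration.ofDays(2))).isPresent());
    }
}
```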