Skip to content

Remove OAuth2AuthenticationToken.AccessToken #4522

Closed
@jgrandja

Description

@jgrandja

An AccessToken lives longer than an Authentication. For example, a user's authenticated session may last for an hour, whereas the AccessToken associated with the user and AuthorizedClient may last a day.

We should remove this association and start leveraging SecurityTokenRepository<AccessToken> when the AuthorizedClient needs the AccessToken to make a protected resource call.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions