Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authorizationRequestParameters isAuthorized flag #102

Open
olivierbufalini opened this issue Jan 3, 2018 · 2 comments
Open

authorizationRequestParameters isAuthorized flag #102

olivierbufalini opened this issue Jan 3, 2018 · 2 comments

Comments

@olivierbufalini
Copy link

in the Mongo DB seems like in the collection authorizationRequestParameters isAuthorized is always set to false, is it normal?

Also it seems like after sometimes the record get removed from the collection accessParameters is that related ? is there something that removes the records in that collection after say 24hours if the isAuthorized is set to false ?
@emersonf
Copy link
Member

emersonf commented Jan 5, 2018

isAuthorized is a transient DTO field from ages ago that made its way into the persistence model. It should get removed.

The reason accessParameters documents are sometimes deleted is that's how Spring Security OAuth 2.0 works when an access token expires and a refresh is going to be initiated. The problem is that if the refresh fails, the refresh token is gone too. I'm not sure how well SS O2 is being maintained, I've been looking into alternatives.

@olivierbufalini
Copy link
Author

Ok I see, when does the refresh is initiated ? when a new request is made and the token has expired ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emersonf @olivierbufalini