DefaultTokenServices fails to store enhanced refresh token when refreshAccessToken method is invoked


In contrast to the createAccessToken method where the enhanced version of the refresh token is saved, the refreshAccessToken method saves the refresh token without enhancements.

I believe the behaviour should be something along these lines:

    OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
    tokenStore.storeAccessToken(accessToken, authentication);
    // In case it was modified
    refreshToken = accessToken.getRefreshToken();
    if (refreshToken != null) {
        tokenStore.storeRefreshToken(refreshToken, authentication);
    }
    return accessToken;

Can this be considered a bug?

I created an issue for this: https://github.com/spring-projects/spring-security-oauth/issues/511
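
The mismatch described in the question, as an added example that is not part of the original post and is not Spring code: a small in-memory model in which the store is keyed by refresh token value. Every name here is hypothetical, and it assumes the enhancer changes the token value and that a new refresh token is issued on each refresh.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified model of the token service; hypothetical names, no Spring classes.
public class RefreshTokenStoreDemo {
    // Stand-in for the token store: refresh token value -> user name.
    static final Map<String, String> store = new HashMap<>();

    // Stand-in for a token enhancer; assumed to change the token value.
    static String enhance(String raw) {
        return raw + ".enhanced";
    }

    // Models the create path: the enhanced refresh token is what gets stored.
    static String issue(String user) {
        String enhanced = enhance(UUID.randomUUID().toString());
        store.put(enhanced, user);
        return enhanced;
    }

    // Models the refresh path. storeEnhanced=false stores the token as it was
    // before enhancement (the reported behaviour); true stores the value that
    // is actually returned to the client (the behaviour the question proposes).
    static String refresh(String presented, boolean storeEnhanced) {
        String user = store.remove(presented);
        if (user == null) {
            throw new IllegalStateException("invalid refresh token");
        }
        String raw = UUID.randomUUID().toString();
        String enhanced = enhance(raw);
        store.put(storeEnhanced ? enhanced : raw, user);
        return enhanced; // the client only ever sees the enhanced value
    }

    // Issue a token, refresh once, then try to refresh with the returned token.
    static boolean canRefreshTwice(boolean storeEnhanced) {
        store.clear();
        String second = refresh(issue("alice"), storeEnhanced);
        try {
            refresh(second, storeEnhanced);
            return true;
        } catch (IllegalStateException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("store pre-enhancement token: " + canRefreshTwice(false));
        System.out.println("store enhanced token:        " + canRefreshTwice(true));
    }
}
```

In this model the stored and returned values diverge after the first refresh whenever the pre-enhancement token is stored, so the token the client holds is no longer found in the store.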
