[jboss-jira] [JBoss JIRA] (ELY-455) OAuth2 Credential Store

Pedro Igor (JIRA) issues at jboss.org
Wed Nov 9 07:10:00 EST 2016


    [ https://issues.jboss.org/browse/ELY-455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13319479#comment-13319479 ] 

Pedro Igor commented on ELY-455:
--------------------------------

OAuth2 basically translates to a special type of token that is actually used to access resources protected by a resource server, the *access_token*. This protocol also defines another special type of token that can be used to refresh an access_token, the *refresh_token*.

For some OAuth2 Grant Types, the refresh_token is obtained from the same response that returned the access_token. For these grant types, we need to be able to also store the refresh_token in order to be able to refresh an access_token later.

In addition to that, an Access Token Response from an Authorization Server also provides some important information about the access_token such as *expiration* time. This is probably another piece of information that we need to have in the credential store.

From a design perspective, I think we would need a specific credential type called {{OAuth2AccessTokenCredential}}. This type would be an extension of a {{BearerTokenCredential}} with some additional state to hold information about the access token. For instance, refresh_token and expiration, as mentioned before.

Regarding the logic to actually refresh access tokens and check their validity, we will be using a separate component such as a {{CallbackHandler}}, which will use the OAuth2 Credential Store to store/retrieve tokens. We already have two JIRAs for these CBHs: ELY-675 and ELY-658.

Any comments?


> OAuth2 Credential Store
> -----------------------
>
>                 Key: ELY-455
>                 URL: https://issues.jboss.org/browse/ELY-455
>             Project: WildFly Elytron
>          Issue Type: Feature Request
>          Components: Credential Store
>            Reporter: David Lloyd
>            Assignee: Pedro Igor
>             Fix For: 1.1.0.Beta14
>
>
> Need an OAuth2 credential store which can acquire a cached OAuth2 token or instigate a new authentication.



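A sketch of the design discussed in the comment above, added here as an illustration; it is not part of the original message and not WildFly Elytron code. Every type and method name (`OAuth2StoreSketch`, `BearerToken`, `OAuth2AccessToken`, `decide`) is hypothetical, the 30-second skew margin is an assumption, and the token values are constructed samples.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: none of these types are Elytron's own classes.
public class OAuth2StoreSketch {
    static class BearerToken {                       // stand-in for the bearer credential being extended
        final String accessToken;
        BearerToken(String accessToken) { this.accessToken = accessToken; }
    }
    // Access token plus the extra state named in the comment: refresh_token and expiration.
    static final class OAuth2AccessToken extends BearerToken {
        final String refreshToken;                   // null when the grant type returns none
        final Instant expiresAt;                     // absolute time, so the check survives a restart
        OAuth2AccessToken(String accessToken, String refreshToken, Instant expiresAt) {
            super(accessToken);
            this.refreshToken = refreshToken;
            this.expiresAt = expiresAt;
        }
        // Treat the token as expired slightly early to absorb clock skew and request latency.
        boolean isUsable(Instant now, Duration skew) {
            return now.plus(skew).isBefore(expiresAt);
        }
    }

    enum Action { USE_CACHED, REFRESH, AUTHENTICATE }

    private final Map<String, OAuth2AccessToken> byAlias = new ConcurrentHashMap<>();
    private final Duration skew = Duration.ofSeconds(30);   // assumed safety margin
    // Record the fields of an Access Token Response, converting the lifetime to an absolute expiry.
    void store(String alias, String access, String refresh, long expiresInSeconds, Instant now) {
        byAlias.put(alias, new OAuth2AccessToken(access, refresh, now.plusSeconds(expiresInSeconds)));
    }

    // What a separate component (for example a callback handler) should do next for this alias.
    Action decide(String alias, Instant now) {
        OAuth2AccessToken t = byAlias.get(alias);
        if (t == null) return Action.AUTHENTICATE;           // nothing cached
        if (t.isUsable(now, skew)) return Action.USE_CACHED;
        return t.refreshToken != null ? Action.REFRESH : Action.AUTHENTICATE;
    }

    public static void main(String[] args) {
        OAuth2StoreSketch store = new OAuth2StoreSketch();
        Instant t0 = Instant.parse("2016-11-09T12:00:00Z");  // constructed sample time
        store.store("svc", "constructed-access", "constructed-refresh", 300, t0);
        System.out.println(store.decide("svc", t0.plusSeconds(60)) + " "
            + store.decide("svc", t0.plusSeconds(290)) + " " + store.decide("none", t0));
    }
}
```

A real store would also keep the token strings out of `toString()` output and logs, and persist them only in protected storage, since both tokens are bearer secrets.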