cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-4834) AccessTokenService not include issuedAt on ClientAccessToken
Date Tue, 19 Feb 2013 15:47:13 GMT


Sergey Beryozkin commented on CXF-4834:

"expires_in" is actually reported by default - the reason this can be made optional is that
OAuth2 says it is an optional parameter. I think if the admin decides (mostly for security
reasons I guess) not to report it then the client, upon receiving 401 from the resource server,
will need to request a new one (by repeating the original flow where this token was acquired)
or use a refresh token grant to refresh a token; I think realistically, what this parameter
can really help the client with, is to avoid a futile attempt to request a resource when a
token has already expired - so this is mostly allows for an optimization; of for the client-driven
revocation, with the latest token revocation draft
> AccessTokenService not include issuedAt on ClientAccessToken
> ------------------------------------------------------------
>                 Key: CXF-4834
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.3
>            Reporter: David
>            Priority: Minor
>             Fix For: 2.7.3
> I'm currently using ClientAccessToken AccessTokenService and is not included issuedAt
value is always -1. Could you include the value of serverToken issuedAt in ClientAccessToken?

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message