cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6692) Update AbstractOAuthDataProvider to support JWT access tokens
Date Mon, 08 Aug 2016 13:23:20 GMT

    [ https://issues.apache.org/jira/browse/CXF-6692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15411801#comment-15411801
] 

Sergey Beryozkin commented on CXF-6692:
---------------------------------------

It should be configurable how to represent a token, for example, by default it is a binary
value pointing to DB and the RS filters need to call the introspection service.  Token in
a JWS or JWE format becomes much more verbose - though RS may choose to validate it locally

> Update AbstractOAuthDataProvider to support JWT access tokens
> -------------------------------------------------------------
>
>                 Key: CXF-6692
>                 URL: https://issues.apache.org/jira/browse/CXF-6692
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.2.0, 3.1.8
>
>
> CXF already ships DefaultEncryptingOAuthProvider which can be used by the servers to
avoid storing the OAuth2 model, it uses a custom seriallization format. It makes sense to
offer a provider which uses a JWT token as a properties container before encrypting it.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message