cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-6692) Update AbstractOAuthDataProvider to support JWT access tokens
Date Mon, 08 Aug 2016 13:23:20 GMT


Sergey Beryozkin commented on CXF-6692:

It should be configurable how to represent a token, for example, by default it is a binary
value pointing to DB and the RS filters need to call the introspection service.  Token in
a JWS or JWE format becomes much more verbose - though RS may choose to validate it locally

> Update AbstractOAuthDataProvider to support JWT access tokens
> -------------------------------------------------------------
>                 Key: CXF-6692
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.2.0, 3.1.8
> CXF already ships DefaultEncryptingOAuthProvider which can be used by the servers to
avoid storing the OAuth2 model, it uses a custom seriallization format. It makes sense to
offer a provider which uses a JWT token as a properties container before encrypting it.  

This message was sent by Atlassian JIRA

View raw message