incubator-amber-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Preeti Yarashi <preeti.yara...@oracle.com>
Subject Token Persistence and Validation
Date Tue, 12 Apr 2011 06:45:37 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    Hi,<br>
    <br>
    Does Amber provide any guidance or support for token
    (access/refresh) persistence and validation? I see that Amber
    libraries provide support for token generation but is there any
    support or guidance for<br>
    <ol>
      <li>How an authorization server implementation persists tokens
        issued and how does it validate (check for token match, expiry
        time, etc) the tokens passed in Oauth requests?</li>
      <li>How an Oauth Client expects to persist tokens issued by the
        authorization server?<br>
      </li>
    </ol>
    I saw that there are some validator packages
    (org.apache.amber.oauth2.as.validator,
    org.apache.amber.oauth2.client.validator,
    org.apache.amber.oauth2.rs.validator) in the library but it was
    unclear how this is expected to be used considering the library
    didnt seem to provide support for token persistence so what would
    the validation be done against? My initial impression was that it
    was used internally to validate the sanctity of Oauth authorization
    and token requests.<br>
    <h2>
    </h2>
    regards,<br>
    <font color="#888888">Preeti</font>
  </body>
</html>

Mime
View raw message