Custom TokenHandleStore Key Uniqueness

IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana

https://identityserver.github.io/Documentation/

Apache License 2.0

2.01k stars 763 forks source link

Custom TokenHandleStore Key Uniqueness #3838

Closed haquex19 closed 7 years ago

haquex19 commented 7 years ago

[x] I read and understood how to enable logging

Question / Issue

Hello, I have a question on something I couldn't find on the docs. I have implemented a custom TokenHandleStore and a RefreshTokenStore. In the method "StoreAsync" a key is passed as an argument. Is this key guaranteed to be unique per token? Or is uniqueness considered to be key + subject?

codyskidmore commented 7 years ago

This might be helpful. https://github.com/IdentityServer/IdentityServer3.EntityFramework/blob/5f132118e250f1253e4b9a96408ff74f6f7bc7b2/Source/Core.EntityFramework/Stores/RefreshTokenStore.cs

Token lookups use the keys (passed as a parameter) and token types (refresh token). The Tokens table combines key and type as a primary key.

haquex19 commented 7 years ago

Thanks for the information. The link you provided looks like an implementation and it assumes the key is unique. I will go ahead and make the same assumption. This can be closed.