I have created an application using this go-oauth2 packages and hosted them in 2 different data centers with a load balancer is running on round robin strategy.
The problem is if client has retrieved token through Data Center A then next call goes Data Center B and still the validation is successful. Ideally it should not be doing that. How to block this process of retrieval from one and validation through other.
I don't know the internal validation flow of this package but this might bring an issue. Consider, if I copy paste my token separately and make a call to any of the application anywhere in the organization using same go-oauth2 package then it will accept the validation.
Could you please suggest what am I missing here and these 2 things necessary here.
If oauth server restarts then all the target applications must renew their tokens
Server receiving the client id and secret for token should only be liable to validate the further token requests
Team,
I have created an application using this go-oauth2 packages and hosted them in 2 different data centers with a load balancer is running on round robin strategy.
The problem is if client has retrieved token through Data Center A then next call goes Data Center B and still the validation is successful. Ideally it should not be doing that. How to block this process of retrieval from one and validation through other.
I don't know the internal validation flow of this package but this might bring an issue. Consider, if I copy paste my token separately and make a call to any of the application anywhere in the organization using same go-oauth2 package then it will accept the validation.
Could you please suggest what am I missing here and these 2 things necessary here.
Please suggest