mozilla / fxa-oauth-server

OAuth server for Firefox Accounts
49 stars 40 forks

feat(openid): add `fxa-profileChangedAt` to /verify #607

Closed vbudhram closed 6 years ago

vbudhram commented 6 years ago

Connects to https://github.com/mozilla/fxa-auth-server/issues/2490

This PR adds the fxa-profileChangedAt claim to the id token, and stores this value in the codes, refreshToken, and tokens tables. While the data is a bit duplicated, it is consistent with how things work on the oauth server.

The profile server will use the profileChangedAt value from tokens and compare it to the value returned by the auth-server /account/profile route. If it is older, then it will invalidate the profile server cache and fetch the latest.

vbudhram commented 6 years ago

@mozilla/fxa-devs The approach taken here is to stash the value in the codes table and use it when generating the id token. Does this make sense? Or is there another way?

vbudhram commented 6 years ago

After working through profile-server, moving this back to WIP. ISTM that I need to update the /verify route to return profileChangedAt to profile-server.

vbudhram commented 6 years ago

@mozilla/fxa-devs I think this is ready for an official review!

vbudhram commented 6 years ago

@rfk Thanks for the review! Updated this to not store in token claims or return value in /authorization /token routes.