AccessToken should be serializable to put it in a web session, for example. But to do this we have to agree upon whether the current implementation is sufficient. At this time OSIAM's access tokens are quite simple, maybe too simple for more advanced use cases. Moreover we are still planning to sign tokens, which would at least add a new field (signature). I don't know whether adding a field is considered safe in respect of @Serializable or not.
AccessToken
should be serializable to put it in a web session, for example. But to do this we have to agree upon whether the current implementation is sufficient. At this time OSIAM's access tokens are quite simple, maybe too simple for more advanced use cases. Moreover we are still planning to sign tokens, which would at least add a new field (signature
). I don't know whether adding a field is considered safe in respect of@Serializable
or not.See also osiam/scim-schema#129.