AccessToken should be serializable to put it in a web session, for example. But to do this we have to agree upon whether the current implementation is sufficient. At this time OSIAM's access tokens are quite simple, maybe too simple for more advanced use cases. Moreover we are still planning to sign tokens, which would at least add a new field (signature). I don't know whether adding a field is considered safe in respect of @Serializable or not.
tkrille
commented
7 years ago
AccessTokenshould be serializable to put it in a web session, for example. But to do this we have to agree upon whether the current implementation is sufficient. At this time OSIAM's access tokens are quite simple, maybe too simple for more advanced use cases. Moreover we are still planning to sign tokens, which would at least add a new field (signature). I don't know whether adding a field is considered safe in respect of@Serializableor not.See also osiam/scim-schema#129.