Add support persistence for JwtTokenStore

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.

http://github.com/spring-projects/spring-security-oauth

Apache License 2.0

4.7k stars 4.04k forks source link

Add support persistence for JwtTokenStore #1303

Open Alykoff opened 6 years ago

Alykoff commented 6 years ago

I found the mention in org.springframework.security.oauth2.provider.token.store.JwtTokenStore class :

A TokenStore implementation that just reads data from the tokens themselves. Not really a store since it never persists anything and methods like

getAccessToken(OAuth2Authentication) always return null.

I think it would be good idea to add ability of persistence for class JwtTokenStore.

iagotomas commented 6 years ago

I guess persisting JWT tokens is not very useful as these aren't strictly checked by resource servers , but on the other hand storing refresh tokens might be useful to revoke them later. We got this requirement in our company so the plan is to extend JwtTokenStore and persist refresh tokens for later revocation.