Open nl594 opened 2 years ago
the follow issue have the question. https://github.com/spring-projects/spring-security-oauth/issues/1908
and I do not think the following commit fix it, because the method RedisTokenStore.removeRefreshToken my be not called. https://github.com/spring-projects/spring-security-oauth/issues/1836
The ACCESS_TO_REFRESH have a same expire time with refresh token not the access token, the access token xxx may be already expired in redis,but the access_to_refesh:xxx is still in redis。 What is access_to_refesh:xxx used for ? I think access_to_refesh:xxx should have the same expire time with access token xxx, if access token xxx is expired,access_to_refesh:xxx need expired too,Otherwise, it will occupy redis space.
Does anyone can explain this ?
https://github.com/spring-projects/spring-security-oauth/blob/2b58aafecac336e82f20ea43da9b208b0a4a40dd/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java#L232