Implement offline tokens natively in Auth #577

sbose78 · 2018-08-06T06:38:06Z

as a dependency of #350

If /api/login has scope=offline_access param,
generate a token with an expiry of 365 days.

Validate if the token is an offline token using the "jti" claim, and if yes, check if it was last used within 30 days using the TOKEN_ACCESS_LOG table ( https://www.dbdesigner.net/designer/schema/98194 )
If yes, generate a new access token and return it.

Dependencies:

The text was updated successfully, but these errors were encountered:

sbose78 · 2018-08-07T03:41:51Z

( move to different place.. )

Store access/refresh/offline token info in TOKEN table ( to be renamed from RPT token table )
https://www.dbdesigner.net/designer/schema/98194 . This endpoint Add 'invalidate all tokens' for a user API endpoint #580 can be used invalidate all tokens a user is currently using.
Add a new token access log table.
Use the info in (2) for offline token usage: An offline token is a special refresh token which if not used more than once in 30 days expires.

xcoulon · 2018-09-13T08:59:10Z

Offline tokens will not be supported in the future, so no need to implement this feature in fabric8-auth

sbose78 added Keycloak migration labels Aug 6, 2018

sbose78 mentioned this issue Aug 6, 2018

Use developers.redhat.com Identity Provider directly from Auth service #350

Open

8 tasks

dipak-pawar added this to the Sprint 154-3 milestone Sep 4, 2018

dipak-pawar self-assigned this Sep 4, 2018

xcoulon modified the milestones: Sprint 154-3, Sprint 155-1 Sep 10, 2018

xcoulon closed this as completed Sep 13, 2018

xcoulon modified the milestones: Sprint 155-1, Sprint 155 Oct 1, 2018

Provide feedback