spring - Calling refresh_token doesn't refresh resource ids in token -


flow this:

  1. we have oauth app registered specific resource ids listed, app has access those
  2. after time there need add resource id, extending features of our client app
  3. from time time client app doing refreshing of token, either due errors or access_token expiration.
  4. using check_token on new access_token gives old set of resource ids. seems taken cache or old token itself.

question: shouldn't refresh token refresh resource ids? againts oauth rfc( couldnt find particular case in )?

we ofcourse revoke tokens oauth app, require our users log in again want avoid.

im not sure if related spring cloud security or rather oauth itself. c

this answers assumes resource identifiers equivalent oauth2 describes scopes description purpose seems similar - constrain reach of access token.

when issuing access token refresh request specification states can include scope parameter, however:

the scope of access request described section 3.3. requested scope must not include scope not granted resource owner, , if omitted treated equal scope granted resource owner.

additionally, part of response new refresh token issued, again:

the authorization server may issue new refresh token (...) if new refresh token issued, refresh token scope must identical of refresh token included client in request.

(emphasis mine, section 6. of specification)

this means that, per specification, automatically adding new scopes/resources access token not compliant. however, don't need logout users, should need request resource owner consent new scopes.

again, specification states scopes seem match usage scenario. however, there scenarios not apply strictly or end not having real impact. if single organization controls authorization server , client application can decide application enjoy what's sometime known administrative consent resource owner isn't asked explicit consent because trusted application. in these cases, increase scopes/resources without type of user intervention.


-

Comments

Post a Comment

Popular posts from this blog

python - How to insert QWidgets in the middle of a Layout? -

Image
i'm using qt framework build graphical user interface. use qgridlayout position qwidgets neatly. gui looks this: my application regularly adds new widgets gui @ runtime. these new widgets not added @ end of qlayout, somewhere in middle. the procedure bit cumbersome. applied on figure above, need take out widg_c , widg_d , ... qgridlayout. next, add widg_x and widg_y , , put other widgets again. how remove widgets qgridlayout: for in reversed(range(mygridlayout.count())): self.itemat(i).widget().setparent(none) ### as long you're dealing small amount of widgets, procedure not disaster. in application display lot of small widgets - perhaps 50 or more! application freezes second while procedure ongoing, annoying user. there way insert widgets somewhere in qlayout, without need take out other widgets? edit: apparently solution qvboxlayout simple. use function insertwidget(..) instead of addwidget(..) . docs can found link: http://doc.qt.io/qt-5/qboxlayou
Read more

python - serve multiple gunicorn django instances under nginx ubuntu -

i need serve 2 webs apps (django) on gunicorn under different domain names using nginx on ubuntu. started using tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04 it worked fine 1 using that. tried same thing second gives me 502 gateway second domain. tried following tutorial: http://michal.karzynski.pl/blog/2013/10/29/serving-multiple-django-applications-with-nginx-gunicorn-supervisor/ i'm @ part run gunicorn start script: sudo bin/gunicorn_start i response: starting webuildblack root traceback (most recent call last): file "/home/devin/webuildblack/bin/gunicorn", line 7, in <module> gunicorn.app.wsgiapp import run importerror: no module named 'gunicorn.app'; 'gunicorn' not package you have named program gunicorn.py gunicorn -package. rename file , remove gunicorn.pyc file.
Read more

module - Prestashop displayPaymentReturn hook url -

i new prestashop developer , trying create paymentmodule. have got show payment method can not proceed purchase because not know hot works. does know should redirect run hooddisplaypaymentreturn method? i happy if explain me complete navigation map make purchase. anyway, can find relation between hooks , pages? when have new module payment rely on simplest provided prestashop: bankwire. inside can find 3 hooks. hookpayment: public function hookpayment($params) { if (!$this->active) return; if (!$this->checkcurrency($params['cart'])) return; $this->smarty->assign(array( 'this_path' => $this->_path, 'this_path_bw' => $this->_path, 'this_path_ssl' => tools::getshopdomainssl(true, true).__ps_base_uri__.'modules/'.$this->name.'/' )); return $this->display(__file__, 'payment.tpl'); } hookdisplaypaymenteu: public fun
Read more