Store refresh token in vault #1125

paullatzelsperger · 2024-03-13T10:06:25Z

WHAT

When the provider data plane uses refresh tokens, it should store them in the Vault rather than the normal database.

Security. Attackers who gain access to the access token and the database could illegitimately request a new refresh+access token pair.

// if possible, outlines a solution proposal

// anything else you want to outline

Please be sure to take a look at
our contribution guidelines and
our PR etiquette.

paullatzelsperger added critical All issues that will definitely be in the milestone they are planned for Feature labels Mar 13, 2024

paullatzelsperger self-assigned this Mar 13, 2024

github-project-automation bot added this to EDC Board Mar 13, 2024

github-project-automation bot moved this to Open in EDC Board Mar 13, 2024

paullatzelsperger mentioned this issue Mar 13, 2024

Story: DPS Token Refresh #1108

Closed

8 tasks

paullatzelsperger closed this as completed Mar 14, 2024

github-project-automation bot moved this from Open to Done in EDC Board Mar 14, 2024

mkanal mentioned this issue Jul 12, 2024

[SPIKE] Update EDC 0.7.3 eclipse-tractusx/item-relationship-service#794

Closed

2 tasks