-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The same expiresIn is returned if the token is requested twice. #134
Comments
We expect that The access token is created when user authorize via OAuth server first. |
If My understanding was different. I assumed that created Also, I don't see how |
We expect that
So you can return cached access token from datastore until access token expires by
By saving and getting the access token created time in the datastore, you should be able to specify I made a sample code before. I hope it help you. https://github.com/tsuyoshizawa/scala-oauth2-provider-example-skinny-orm/blob/master/app/controllers/OAuthController.scala |
But when you return this cached access token, it will have |
Since
expiresIn
is calculated at the moment ofAccessToken
creation (#107), it remains the same no matter how many times it has been requested. Also, since it is apparently non-negative at the moment of creation,AccessToken#isExpired
method will never return true, which rendersGrantHandler#shouldRefreshAccessToken
and corresponding branch inGrantHandler#issueAccessToken
useless.Wouldn't it be better if
expiresIn
was recalculated upon each request? Shouldn't the expiration date/time be immutable, not the time until expiration?The text was updated successfully, but these errors were encountered: