-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ELY-2083] Token based authentication between clients and servers. Token issuance functionality. #1541
[ELY-2083] Token based authentication between clients and servers. Token issuance functionality. #1541
Conversation
issuance functionality
* @return a JWT access token in String representation | ||
* @throws Exception | ||
*/ | ||
String issueAccessToken(SecurityIdentity securityIdentity) throws JwtException; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something we had discussed before was making sure that we could either generate our own tokens or make use of an external provider. One thing I'm wondering about is whether it makes sense for this interface method to take a SecurityIdentity
as a parameter. The SecurityIdentity
is definitely something that's need when generating our own tokens. But, it likely wouldn't be needed if using an external provider to obtain the token. In that case, an OAuth2CredentialSource
would likely be used.
|
||
private KeyStore keyStore; | ||
private String issuer = "WildFly Elytron"; | ||
private long accessTokenExpiryTime = 300; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For constants like this, it's good to declare it as follows:
private static final long ACCESS_TOKEN_EXPIRY_TIME = 300;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was using this variable as a default initial value, although it can be altered with the builder if they choose to use a different expiry time. Should I create some constants and have them be separate instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, got it. Yes, you can create a separate constant and initialize accessTokenExpirytTime
using the constant.
Windows Build 723 outcome was FAILURE using a merge of fa04ef9 Failed tests
|
Going to close this one for now until we are ready to pick up working on it again. |
https://issues.redhat.com/browse/ELY-2083