tie refresh token generation to "offline" scope tag
parent
50040a8ef4
commit
84401531ae
|
@ -91,7 +91,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
token.setScope(scopes);
|
token.setScope(scopes);
|
||||||
|
|
||||||
// make it expire if necessary
|
// make it expire if necessary
|
||||||
// TODO: pending upstream updates, check for 0 or -1 value here
|
|
||||||
if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) {
|
if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) {
|
||||||
Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
||||||
token.setExpiration(expiration);
|
token.setExpiration(expiration);
|
||||||
|
@ -104,9 +103,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
|
|
||||||
token.setAuthenticationHolder(authHolder);
|
token.setAuthenticationHolder(authHolder);
|
||||||
|
|
||||||
// TODO: tie this to the offline_access scope
|
// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
|
||||||
// attach a refresh token, if this client is allowed to request them
|
// TODO: tie this to some kind of scope service
|
||||||
if (client.isAllowRefresh()) {
|
if (client.isAllowRefresh() && scopes.contains("offline")) {
|
||||||
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
|
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
|
||||||
|
|
||||||
// make it expire if necessary
|
// make it expire if necessary
|
||||||
|
|
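Review bot: The new guard `if (client.isAllowRefresh() && scopes.contains("offline")) {` compares against a bare string literal, while the TODO it replaces named the scope `offline_access`. Please confirm which value is intended and move it into a named constant, for example `private static final String OFFLINE_SCOPE = "offline";` (the constant name is only a suggestion). Because this check now decides whether a long-lived refresh token is issued, a comment should state that `scopes` must be the set actually granted to the request, meaning approved by the user and permitted for the client, not merely what the client asked for. Where `scopes` is populated is not visible in this hunk, so that filtering, and whether `scopes` can be null here, could not be verified. The enclosing method starts and ends outside the hunk.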