This repository has been archived by the owner on May 31, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4k
RedisTokenStore should delete access_to_refresh key when removing refresh token #1836
Comments
mashice
changed the title
isRedisTokenStore removeRefreshToken bug
RedisTokenStore removeRefreshToken bug
Mar 14, 2020
The storing part is correct but the access2RefreshKey is calculated wrong for removing part. Scenario 1: => no key is left behind
Scenario 2: => no key is left behind
Scenario 3: => key for access_to_refresh is left behind
I develop currently a test and fix for that. PR will follow... |
srempfer
pushed a commit
to srempfer/spring-security-oauth
that referenced
this issue
Apr 16, 2020
… refresh token (fixes spring-atticgh-1836)
srempfer
pushed a commit
to srempfer/spring-security-oauth
that referenced
this issue
Apr 16, 2020
… refresh token (fixes spring-atticgh-1836)
srempfer
pushed a commit
to srempfer/spring-security-oauth
that referenced
this issue
Apr 16, 2020
… refresh token (fixes spring-atticgh-1836)
srempfer
pushed a commit
to srempfer/spring-security-oauth
that referenced
this issue
Apr 21, 2020
… refresh token (fixes spring-atticgh-1836)
jgrandja
changed the title
RedisTokenStore removeRefreshToken bug
RedisTokenStore should delete access_to_refresh key when removing refresh token
Apr 30, 2020
jgrandja
pushed a commit
that referenced
this issue
Apr 30, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
https://github.com/spring-projects/spring-security-oauth/blob/d72922e395aa9c2fd0fd5b2de2e557790c2b92c5/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java#L364
in line 364 want to delete refreshToken, redis key is ACCESS_TO_REFRESH + refreshToken, but in line 213 save key as ACCESS_TO_REFRESH + accessToken.
The text was updated successfully, but these errors were encountered: