-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refreshing token support built in? #110
Comments
I rolled my own implementation, here's the code if anyone is interested.
|
Thanks. |
@developer992 Hi and thanks for both the question and the solution! I am sorry I didn't have the time to come up with it before you did. It's actually a good idea to bake the support for refreshing token in, I'll look into it over the holidays! |
Thank you man, happy new year as well :) |
Hi @tomasvotava ! Warm regards, |
Hi @Mulugruntz, the thing is the same SSO instance may currently be used to authenticate multiple users, so it would be insecure to continue reusing it in the future to refresh access tokens as well, e.g. this flow would be IMHO common and very bad:
This would no more be an edge-case race condition, but rather a buggy implementation. I have a rather large refactor in mind, that will forever sort out all race conditions (and, I presume, introduce some new ones 😁). After it's done, I know there were lots of promises from me and the time flies and nothing happens, I am sorry, I think you all know it yourselves, there are loads of work everywhere, I just need to find the time 🙏 |
Hello,
I am implementing SAP XSUAA Oauth2 via GenericSSO client and it works, good job!
I also receive back a refresh token after successful login
According to docs, refreshing the token involves creating a new request like so:
I would like to know if this support is already built in or do we need to manually do this request?
Many thanks!
The text was updated successfully, but these errors were encountered: