  1. FOLIO
  2. FOLIO-1233

Implement refresh tokens

Details

    • CP: R3 2022 roadmap
    • 2
    • Core: Platform

    Description

      While long-lived access tokens may be convenient for early development, we really need to implement refresh tokens in FOLIO so our access tokens can be short-lived. We should get to this sooner rather than later.

      As I didn't see an existing JIRA filed for refresh tokens, this has been created to ensure we keep it visible on our backlog. We also have some decisions to make regarding refresh token implementation, such as validation, expiration, revocation, and rotation. There are likely suitable third-party libraries worth considering as well, so we're not re-inventing the wheel here.

      https://tools.ietf.org/html/rfc6749#section-1.5

      https://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-08#section-4.1.2

              People

                stevel Steve Ellis
                mattj Matt Jones