Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-1233

Implement refresh tokens

    XMLWordPrintable

Details

    • CP: R3 2022 roadmap
    • 2
    • Core: Platform

    Description

      While long lived access tokens may be convenient for early development, we really need to implement refresh tokens in FOLIO so our access tokens can be short lived. We should get to this sooner rather than later.

      As I didn't see an existing JIRA filed for refresh tokens, this has been created to ensure we keep it visible on our backlog. We also have some decisions to make regarding refresh token implementation, such as validation, expiration, revocation, and rotation. There are likely suitable third-party libraries worth considering as well, so we're not re-inventing the wheel here.

      https://tools.ietf.org/html/rfc6749#section-1.5

      https://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-08#section-4.1.2

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. FOLIO-3897 Add environment variables for RTR modules to snapshot envs

            • TBD - To be determined
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODAT-56 validate user deactivation when checking access token

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            New Feature - New feature requests UXPROD-39 Local password management

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Umbrella - FOLIO-1332 SPIKE: Design/Discuss Overrides

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Task - A task that needs to be done. FOLIO-1485 Folio testing backend build fails due to incompatible authtoken interface versions

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Umbrella - FOLIO-2524 Security Audit raised issues

            • P2 - normal priority level, must be included in the current development cycle
            • Open

            Task - A task that needs to be done. FOLIO-2556 SPIKE: investigate refresh tokens support in FOLIO

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            New Feature - New feature requests MODLOGSAML-92 SSO Logout does not destroy SAML session

            • TBD - To be determined
            • Closed

            New Feature - New feature requests MODLOGSAML-94 Provide SLO (Single Log Out) endpoint to be called by SSO IdP

            • TBD - To be determined
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STCOR-532 Logout from FOLIO, keep SSO login

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIU-1324 Users that are deleted or deactivated can stay logged in in folio until their token expires (=for a VERY long time)

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Activity

              People

                stevel Steve Ellis
                mattj Matt Jones
                Votes:
                0 Vote for this issue
                Watchers:
                18 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases