  1. FOLIO
  2. FOLIO-2556

SPIKE: investigate refresh tokens support in FOLIO

    Details

    • Sprint:
      CP: sprint 86, CP: sprint 87, CP: sprint 126, CP: sprint 127, CP: Sprint 128
    • Story Points:
      3
    • Development Team:
      Core: Platform

      Description

      Relates to FOLIO-1233 – this ticket needs to be updated with an implementation plan.

      See https://wiki.folio.org/display/DD/Refresh+Tokens

      Much of the outstanding work is fairly straightforward. However, in reading through the comments in FOLIO-1233, and based on conversations I've had with frontend developers, it seems the two biggest unknowns are:

      • How do we handle access token expiration in the context of module-to-module communication?
        • Always check token expiry during authorization
        • Tokens w/o a valid expiration will be rejected
        • Tokens generated for module-to-module purposes have a new expiration - this should be long enough that request timeouts will likely happen before tokens expire, but will mitigate the impact of a sniffed/stolen token.
      • How do we incorporate refresh tokens into the UI?
        • Discussed with Zak_Burke - Will create a story (Spike) against stripes-connect and elicit feedback from the stripes community
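
The expiry rules listed in the description above, as an added example that is not part of the ticket or of FOLIO's code. The HS256 signing, the constructed key, the 600-second `MODULE_TTL` and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed signing key, not a FOLIO value
MODULE_TTL = 600               # assumed module-to-module lifetime, in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims):
    """Issue an HS256 JWT (the algorithm is an assumption of this sketch)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body))}"

def authorize(token, now=None):
    """Return the claims of a valid token; raise PermissionError otherwise."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        good = hmac.compare_digest(_mac(head, body), _unb64(sig))
        claims = json.loads(_unb64(body)) if good else None
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(claims, dict):
        raise PermissionError("bad signature or claims")
    exp = claims.get("exp")
    # Expiry is checked on every authorization; a missing or non-integer
    # "exp" is rejected rather than treated as "never expires".
    if isinstance(exp, bool) or not isinstance(exp, int):
        raise PermissionError("token has no valid expiration")
    if exp <= now:
        raise PermissionError("token expired")
    return claims

def module_token(caller_token, module, now=None):
    """Mint the token one module uses to call another on the caller's behalf."""
    now = int(time.time() if now is None else now)
    claims = authorize(caller_token, now)  # never derive from a dead token
    # New, short expiration: outlives a request timeout, limits a stolen token.
    return sign({**claims, "module": module, "exp": now + MODULE_TTL})
```

The derived token carries its own expiration rather than inheriting the caller's, so a long-running chain of module calls is not cut off when the caller's access token lapses, while a captured module token is only usable for `MODULE_TTL` seconds.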

                People

                Assignee:
                stevel Steve Ellis
                Reporter:
                jakub Jakub Skoczen