[MODAT-68] Use JWT for refresh tokens - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Story
Status: Closed (View Workflow)
Priority: P3
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: 3.0.0
Labels:

Template:
Sprint:
CP: sprint 136, CP: sprint 138, CP: sprint 137, CP: sprint 139
Story Points:
3
Development Team:
Core: Platform
Epic Link:
Refresh token rotation

Description

Overview

Currently the refresh tokens issued from mod-authtoken are encrypted (JWE). I'm not sure that's necessary as there doesn't appear to be anything sensitive/secret in the token itself. Unless there's a compelling reason to encrypt these, I suggest we save the time/resources on the extra crypto and forego the use of JWE.

See wiki for additional details

Acceptance Criteria

Refresh tokens are signed, but not encrypted
(Optional) Allow encryption to be turned on via configuration

TestRail: Results

Attachments

Issue Links

relates to

FOLIO-2556 SPIKE: investigate refresh tokens support in FOLIO

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Steve Ellis

Reporter:: Craig McNally

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 21/Apr/20 8:24 PM

Updated:: 03/Nov/22 8:25 PM

Resolved:: 11/May/22 1:17 PM

Use JWT for refresh tokens