
OAuth2IntrospectionAuthenticationToken should be marked as @Transient #6829

Closed
@jzheaux

By default, Resource Server should be stateless. This is achieved in its JWT support via the @Transient annotation:

```java
@Transient
public class JwtAuthenticationToken
```

For introspection, it would be better if OAuth2IntrospectionAuthenticationToken did the same thing:

```java
@Transient
public class OAuth2IntrospectionAuthenticationToken
```

It'd also be good to add a test to confirm that by default no session is created when an app is configured for introspection.
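
An added example, not part of the original issue or of Spring Security's own test suite: it runs one load/save cycle of `HttpSessionSecurityContextRepository` for a token with and without `@Transient` and reports whether an `HttpSession` was created. The two token classes and the class name `TransientTokenSessionDemo` are hypothetical stand-ins; it assumes `spring-security-web` and `spring-test` are on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.Transient;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

public class TransientTokenSessionDemo {

    // Hypothetical stand-in for a bearer-token authentication (not a Spring class).
    static class StatefulToken extends AbstractAuthenticationToken {
        StatefulToken() {
            super(AuthorityUtils.NO_AUTHORITIES);
            setAuthenticated(true);
        }
        @Override public Object getCredentials() { return "constructed-token"; }
        @Override public Object getPrincipal() { return "constructed-user"; }
    }

    // The same token, annotated the way the issue proposes.
    @Transient
    static class StatelessToken extends StatefulToken { }

    // Runs one load/save cycle and reports whether an HttpSession was created.
    static boolean createsSession(Authentication authentication) {
        HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder =
                new HttpRequestResponseHolder(request, new MockHttpServletResponse());
        SecurityContext context = repository.loadContext(holder);
        context.setAuthentication(authentication);
        repository.saveContext(context, holder.getRequest(), holder.getResponse());
        // getSession(false) never creates a session, so it only observes the result.
        return request.getSession(false) != null;
    }

    public static void main(String[] args) {
        System.out.println("unannotated token creates session: " + createsSession(new StatefulToken()));
        System.out.println("@Transient token creates session:  " + createsSession(new StatelessToken()));
    }
}
```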

Labels

- in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
- type: enhancement (A general enhancement)
