Skip to content
This repository has been archived by the owner on May 31, 2022. It is now read-only.

Why the ACCESS_TO_REFRESH have a same expire time with refresh token not the access token #1954

Open
nl594 opened this issue Mar 26, 2022 · 1 comment

Comments

@nl594
Copy link

nl594 commented Mar 26, 2022

The ACCESS_TO_REFRESH have a same expire time with refresh token not the access token,
the access token xxx may be already expired in redis,but the access_to_refesh:xxx is still in redis。
What is access_to_refesh:xxx used for ?
I think access_to_refesh:xxx should have the same expire time with access token xxx, if access token xxx is expired,access_to_refesh:xxx need expired too,Otherwise, it will occupy redis space.

Does anyone can explain this ?

https://github.com/spring-projects/spring-security-oauth/blob/2b58aafecac336e82f20ea43da9b208b0a4a40dd/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/redis/RedisTokenStore.java#L232

@nl594
Copy link
Author

nl594 commented Mar 26, 2022

the follow issue have the question.
#1908

and I do not think the following commit fix it, because the method RedisTokenStore.removeRefreshToken my be not called.
#1836

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Development

No branches or pull requests

2 participants