<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:21:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2556] SPIKE: investigate refresh tokens support in FOLIO</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2556</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Relates to 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-1233&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1233&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Implement refresh tokens&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            FOLIO-1233
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &#8211; this ticket needs to be updated with an implementation plan.&lt;/p&gt;

&lt;p&gt;See &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/DD/Refresh+Tokens&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/DD/Refresh+Tokens&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;See &lt;a href=&quot;https://docs.google.com/document/d/1K_QdgnOo2wOSfY-rQ8phOD6nCO_3jvdAnEG0BEqtnjU/edit#&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://docs.google.com/document/d/1K_QdgnOo2wOSfY-rQ8phOD6nCO_3jvdAnEG0BEqtnjU/edit#&lt;/a&gt; &quot;FOLIO Authentication Token Architecture Improvements&quot;&lt;/p&gt;

&lt;p&gt;Much of the outstanding work is fairly straightforward.  However, in reading through the comments in 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-1233&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1233&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Implement refresh tokens&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            FOLIO-1233
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
, and based on conversations I&apos;ve had with frontend developers, it seems the two biggest unknowns are:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;How do we handle access token expiration in the context of module-to-module communication?
	&lt;ul&gt;
		&lt;li&gt;Always check token expiry during authorization&lt;/li&gt;
		&lt;li&gt;Tokens w/o a valid expiration will be rejected&lt;/li&gt;
		&lt;li&gt;Tokens generated for module-to-module purposes have a new expiration - this should be long enough that request timeouts will likely happen before tokens expire, but will mitigate the impact of a sniffed/stolen token.&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;How do we incorporate refresh tokens into the UI?
	&lt;ul&gt;
		&lt;li&gt;Discussed with &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=615afd1cd9820f0070a09ef0&quot; class=&quot;user-hover&quot; rel=&quot;615afd1cd9820f0070a09ef0&quot; data-account-id=&quot;615afd1cd9820f0070a09ef0&quot; accountid=&quot;615afd1cd9820f0070a09ef0&quot; rel=&quot;noreferrer&quot;&gt;Zak Burke&lt;/a&gt; - Will create a story (Spike) against stripes-connect and elicit feedback from the stripes community&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="81655">FOLIO-2556</key>
            <summary>SPIKE: investigate refresh tokens support in FOLIO</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                            <parent id="80032">FOLIO-3627</parent>
                                    <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="62e181430b4bf7ad924b3732">Steve Ellis</assignee>
                                                                <reporter accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</reporter>
                                    <labels>
                            <label>R3</label>
                            <label>platform-backlog</label>
                            <label>refresh-tokens</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Mon, 6 Apr 2020 15:06:29 +0000</created>
                <updated>Thu, 3 Nov 2022 20:16:00 +0000</updated>
                            <resolved>Mon, 6 Dec 2021 13:05:27 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>9</watches>
                                                                <comments>
                                                            <comment id="195684" author="5c10cd488ce9b546efc4d9c4" created="Tue, 5 May 2020 13:08:44 +0000"  >&lt;p&gt;We need a solution decision.&lt;/p&gt;</comment>
                                                            <comment id="195685" author="557058:f8c71e3c-04a0-49c1-bae9-f8f88e253821" created="Mon, 29 Mar 2021 13:02:32 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt;&#160;do we need to do investigation for R2, or is implementation also required?&lt;/p&gt;</comment>
                                                            <comment id="195687" author="61e1a06fe67ea2006b5b23af" created="Mon, 6 Dec 2021 13:05:27 +0000"  >&lt;p&gt;Completed.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                            <outwardlinks description="blocks">
                                        <issuelink>
            <issuekey id="79617">FOLIO-2524</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74068">MODAT-64</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74560">STCON-101</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="72566">SIP2-71</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74110">MODAT-66</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="73253">MODLOGSAML-57</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74068">MODAT-64</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74087">MODAT-67</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74089">MODAT-69</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74560">STCON-101</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="80659">FOLIO-1233</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74088">MODAT-68</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="38535">EDGCOMMON-22</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="74071">MODAT-65</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="35191">MODLOGIN-119</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="61827">STCOR-484</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="74060">MODAT-60</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="79831">FOLIO-2523</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10014" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue key="$xmlutils.escape($text)">Poppy 2023 R2 - Implement refresh token rotation (RTR) in all affected modules</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03km6:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1858">CP: sprint 87</customfieldvalue>
    <customfieldvalue id="1431">CP: sprint 127</customfieldvalue>
    <customfieldvalue id="1370">CP: sprint 128</customfieldvalue>
    <customfieldvalue id="1181">CP: sprint 126</customfieldvalue>
    <customfieldvalue id="1855">CP: sprint 86</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 5 May 2020 13:08:44 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>