Comment: Replace first http icon

...

| Status | Functionality | Notes | Story |
|---|---|---|---|
| (tick) | Ability to get a valid refreshToken | POST /refreshtoken - requires "secret" permission not mentioned in the module descriptor | Already done |
| (tick) | Ability to get a new access token via valid refresh token | POST /refresh | Already done |
| (error) | Ability to revoke a refresh token | See Ability to Explicitly Revoke a RefreshToken | Not needed |
| (error) | Ability to revoke ALL refresh tokens | May not be urgent - if needed restart the auth module(s) with a new signing key. See Ability to Explicitly Revoke a RefreshToken | Not needed |
| (error) | Configurable access and refresh token expiration | Both are hardcoded - 10min/24hrs | MODAT-65 |
| (warning) | Access token expiration | Set in some cases but never checked | MODAT-64 |
| (tick) | Refresh token expiration | Refresh tokens that are expired are considered invalid | Already done |
| (error) | Validation that a refresh token was generated by this FOLIO Instance | Right now depends on signing key. If we go with rotating refresh tokens (and keys) this is no longer an issue. | Not needed |
| (error) | mod-login-saml supports refresh tokens | Currently only returns an access token | MODLOGSAML-57 |
| (error) | Gracefully handle access token expiration in module-to-module requests | See Gracefully Handle Access Token Expiration in Module-to-Module Requests | MODAT-66 |
| (error) | Ensure we're not caching access tokens in edge-sip2 | Can probably be wrapped into the existing story for handling token expiration/invalidation | SIP2-71 |
| (error) | Silent refresh in edge-common | Currently caches access tokens for a configurable amount of time | EDGCOMMON-22 |
| (error) | Refresh token rotation upon use | See Refresh Token Rotation and Automatic Revocation Upon Multiple Uses | MODAT-67 |
| (error) | Automatic revocation of refresh tokens when used more than once | See Refresh Token Rotation and Automatic Revocation Upon Multiple Uses | MODAT-67 |
| (error) | Silent refresh in stripes | Probably actually in stripes-connect | STCON-101 |
| (error) | Disable use of JWE by default for refresh tokens | See To Encrypt or Not to Encrypt? | MODAT-68 |
| (error) | Refactor/Combine access/token endpoints | See Combine /token and /refresh endpoints in mod-authtoken? | MODAT-69 |

...