This repository was archived by the owner on May 31, 2022. It is now read-only.

Change a way to serialize/deserialize token and authentication #1547

Open
ufosaga opened this issue Dec 21, 2018 · 1 comment

ufosaga commented Dec 21, 2018

Take JdbcTokenStore as an example.
oauth_access_token and oauth_refresh_token both store the token and authentication as blobs,
and these blobs are in fact the serialized Java classes OAuth2AccessToken/OAuth2RefreshToken and OAuth2Authentication.

If we migrate the framework from a lower version to current, most likely we cannot deserialize the existing tokens in the database, see here, this means:

  1. we cannot retrieve the resources by using the existing access token.
  2. we cannot get a new token using the existing refresh token.
  3. we cannot even generate a new access token and refresh token.

This is definitely a disaster. We cannot just truncate these tables in the database, because this will also break some functionalities, e.g. Google Home Action or Amazon Alexa Skill.

I suppose even a Base64ed JSON mapping is better than a serialized plain Java class; at least it is easier to migrate.
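
The failure mode described in the issue above, as an added example that is not part of the original post or the project's code: a Java-serialized blob whose class `serialVersionUID` no longer matches (assumed here as the cause of the incompatibility) fails to load, while a Base64-encoded JSON form keyed by field name still parses. `DemoToken` and all helper names are hypothetical stand-ins, and the token value is constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.*;

public class TokenBlobMigrationDemo {
    // Hypothetical stand-in for a stored token class (not Spring's OAuth2AccessToken).
    static class DemoToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String value; final long expiresAt;
        DemoToken(String value, long expiresAt) { this.value = value; this.expiresAt = expiresAt; }
    }
    static byte[] javaSerialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }
    // Simulates a blob from another version: flips one bit of the 8-byte UID stored after the class name.
    static byte[] asWrittenByOtherVersion(byte[] blob) {
        String name = DemoToken.class.getName();
        int at = new String(blob, StandardCharsets.ISO_8859_1).indexOf(name);
        byte[] old = blob.clone();
        old[at + name.length() + 7] ^= 0x01;
        return old;
    }
    // Base64-encoded JSON keyed by field name; assumes values need no JSON escaping.
    static String toBase64Json(DemoToken t) {
        String json = String.format("{\"value\":\"%s\",\"expiresAt\":%d}", t.value, t.expiresAt);
        return Base64.getEncoder().encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }
    // Minimal reader for the flat JSON above; production code would use a JSON library.
    static DemoToken fromBase64Json(String b64) {
        String json = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"value\":\"([^\"]*)\".*\"expiresAt\":(\\d+)").matcher(json);
        if (!m.find()) throw new IllegalArgumentException("unrecognised token JSON");
        return new DemoToken(m.group(1), Long.parseLong(m.group(2)));
    }
    public static void main(String[] args) throws Exception {
        DemoToken token = new DemoToken("constructed-sample-token", 1893456000L);
        byte[] stored = asWrittenByOtherVersion(javaSerialize(token));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stored))) {
            in.readObject(); // the serialVersionUID check rejects the blob before any field is read
        } catch (InvalidClassException e) {
            System.out.println("blob unreadable: " + e.getMessage());
        }
        DemoToken back = fromBase64Json(toBase64Json(token));
        System.out.println("JSON round trip: " + back.value + " expires " + back.expiresAt);
    }
}
```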


ufosaga commented Nov 12, 2019

@dsyer Hi Dave, can you consider this?
