Spring boot open source projects

3/12/2023

Then when you want to modify the user's roles you do this again through a resource. Your security service can also be a resource server but the two steps should be seen as different. Then you'd normally take that access token and request user access information from a resource such as "userinfo" service or something similar. For example you have a normal OAuth2 request which generates a token which you can exchange for an access token, as you've laid out in steps 1 and 2. That said, you don't have to follow a standard if you're confident in your proposed solution.

Edit: To clarify, the user's roles and access are normally part of a resource and not part of the token exchange. I want to add that this does not sound like the normal OAuth2 process and you may be breaking a few conventions here which might bite you later.

I haven't personally tested this but I found a guide for it here so your mileage may vary. It sounds like you need to revoke the access token when the user's roles change if you want the next request to get a new access token with the new roles and not return an existing token with existing roles if it's still valid.

At the point where you update the user's roles you'd likely want to revoke the token.
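The token-reuse behaviour described above, modelled as an added example (not code from the original post or from Spring Security). `RoleAwareTokenService` and its method names are hypothetical, and the store is an in-memory stand-in; it shows a role change without revocation leaving the old roles in the reissued token, and revocation at the point of the role update forcing a fresh one.

```java
import java.time.Instant;
import java.util.*;
// Hypothetical in-memory model for illustration; not Spring Security's token store API.
public class RoleAwareTokenService {
    record AccessToken(String value, String user, Set<String> roles, Instant expiresAt) {}
    private final Map<String, Set<String>> rolesByUser = new HashMap<>();
    private final Map<String, AccessToken> tokenByUser = new HashMap<>();
    private final Map<String, AccessToken> tokenByValue = new HashMap<>();

    // Token endpoint: hands back a still-valid token, so roles baked into it go stale.
    public AccessToken issue(String user) {
        AccessToken existing = tokenByUser.get(user);
        if (existing != null && existing.expiresAt().isAfter(Instant.now())) return existing;
        AccessToken fresh = new AccessToken(UUID.randomUUID().toString(), user,
                Set.copyOf(rolesByUser.getOrDefault(user, Set.of())), Instant.now().plusSeconds(3600));
        tokenByUser.put(user, fresh);
        tokenByValue.put(fresh.value(), fresh);
        return fresh;
    }

    // Role change without revocation: existing tokens keep the old roles.
    public void setRolesOnly(String user, Set<String> roles) {
        rolesByUser.put(user, Set.copyOf(roles));
    }

    // Role change plus revocation in one step, so the two cannot drift apart.
    public void setRolesAndRevoke(String user, Set<String> roles) {
        setRolesOnly(user, roles);
        AccessToken old = tokenByUser.remove(user);
        if (old != null) tokenByValue.remove(old.value());
    }

    // Resource-server check: a revoked or expired token resolves to no roles.
    public Set<String> rolesFor(String tokenValue) {
        AccessToken t = tokenByValue.get(tokenValue);
        return (t == null || t.expiresAt().isBefore(Instant.now())) ? Set.of() : t.roles();
    }

    public static void main(String[] args) {
        RoleAwareTokenService svc = new RoleAwareTokenService();
        svc.setRolesOnly("alice", Set.of("ADMIN", "USER")); // constructed sample user
        AccessToken first = svc.issue("alice");
        svc.setRolesOnly("alice", Set.of("USER"));          // demotion, token not revoked
        System.out.println("reissued without revoke: " + svc.issue("alice").roles());
        svc.setRolesAndRevoke("alice", Set.of("USER"));     // demotion with revocation
        System.out.println("old token after revoke:  " + svc.rolesFor(first.value()));
        System.out.println("token issued after revoke: " + svc.issue("alice").roles());
    }
}
```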