How-to: Configure and use opaque tokens #1101
Comments
|
@vishu221b, thanks for suggesting this! I thought we already had an "opaque tokens" how-to issue, but I can't seem to find one. At the moment, I'm not sure this topic rises to the level of needing a how-to guide because it is covered in the reference, but perhaps others in the community can chime in (and 👍 the issue) to let us know. For the time being, see this comment for some resources:
|
|
I'd like to know how to perform MockMVC tests with opaque tokens when the Authorization Server and the Resource Server are in the same app. I found https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/resource-server/opaque this example, but it uses a standalone authorization server when testing, and dose not told us how to modify it to bundle an authorization server into it. I tried to modify the jwt token based client to a opaque token client, and set the introspectionUri to |
|
@DevDengChao, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. Feel free to update this issue with a link to the re-posted question (so that other people can find it). If you would like to submit a request for a How-to guide, please open a new issue linked to gh-499. |
jgrandja
added
type: documentation
Publish a guide on How-to: Configure and use opaque tokens
Description
Currently there are resources around how to configure and set up JWT token flow but the resources around how to configure and use opaque tokens are missing. This would be useful for those cases where the need is not to expose any data (even to the resource owner) available in JWT claims which can be decoded and accessed by anyone having access to the JWT token.
recommended for inclusion in: gh-499
The text was updated successfully, but these errors were encountered: