  1. OpenId Connect
  2. OIDC-41

Salt the stored token


Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 1.15
    • 1.6.1
    • Provider
    • None

    Description

      The stored token is compared with a passed token exactly like a password, so there is no reason to keep it in clear in the database.

      This will be important when we start supporting that token for something other than user profile information (which is usually readable by anyone anyway).

      The only difficulty is finding a way to know which user this token is referring to. I guess we can probably set the user reference in the optional access token scope; need to see if that makes sense. It could also be part of the token value itself (<user reference>|<random string>).


            People

              tmortagne Thomas Mortagne
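The scheme proposed in the description, with the user reference carried in the token value and only a salted digest stored, as an added example that is not code from this issue or from the project. The function names, the in-memory dict standing in for the database, the choice of SHA-256 and the sample user reference are all assumptions.

```python
import hashlib
import hmac
import secrets

SEPARATOR = "|"  # from the issue's proposed format: <user reference>|<random string>


def _digest(salt: bytes, random_part: str) -> bytes:
    # The random part carries 256 bits of entropy, so one salted SHA-256 pass
    # is enough here; a low-entropy secret would need a slow KDF instead.
    return hashlib.sha256(salt + random_part.encode("utf-8")).digest()


def issue_token(store: dict, user_ref: str) -> str:
    """Create a token for user_ref; only a salt and a digest are persisted."""
    random_part = secrets.token_urlsafe(32)  # URL-safe, never contains SEPARATOR
    salt = secrets.token_bytes(16)
    store.setdefault(user_ref, []).append((salt, _digest(salt, random_part)))
    return f"{user_ref}{SEPARATOR}{random_part}"


def verify_token(store: dict, presented: str):
    """Return the user reference the token belongs to, or None if invalid."""
    # Split on the LAST separator: the user reference may itself contain "|",
    # the URL-safe random part cannot.
    user_ref, sep, random_part = presented.rpartition(SEPARATOR)
    if not sep or not user_ref or not random_part:
        return None
    matched = False
    for salt, stored in store.get(user_ref, []):
        # Constant-time comparison, and no early exit between records.
        if hmac.compare_digest(stored, _digest(salt, random_part)):
            matched = True
    return user_ref if matched else None


if __name__ == "__main__":
    db = {}  # constructed stand-in for the token table
    token = issue_token(db, "wiki:Users.alice")  # constructed user reference
    print(verify_token(db, token))        # the user reference
    print(verify_token(db, token + "x"))  # None
```
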