Hi everyone!

I am currently working on setting up CAS as the new SSO solution for our 
website.
In addition to a traditional website, we also have native apps for Android and 
(soon) iOS that use OAuth2 to authenticate, as they need to have offline 
capability and thus cannot use a regular session.

I have got most of the OAuth2 functionality to work, using this service 
definition:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "XXX",
  "clientSecret": "XXXXX",
  "generateRefreshToken" : true,
  "jsonFormat" : true,
  "supported_grants" : ["password", "refresh_token"],
  "name" : "OAuth2 (Android)",
  "id" : 201801311512
}

(Client ID and Secret have been obfuscated.)

This also works fine to gain access tokens:
Using password:
{
    "access_token": "AT-1-82jDv1D3pkvex5C1UYjKreBdhhw5omzc",
    "token_type": "bearer",
    "expires_in": 28800,
    "refresh_token": "RT-1-so451CeJyePgl2RmXnefODw0nV9jTAgX"
}

Using refresh token:

{
    "access_token": "AT-2-7a6-eLsKlX9-jyYynqFjTqsneLE8WnlN",
    "token_type": "bearer",
    "expires_in": 28800
}

However, this means that when the refresh token expires, the user is totally 
shut out of CAS and has to re-login with his credentials.
I would like for the user to never have to log in again after logging in the 
first time.

Our previous OAuth2 server is based on 
http://bshaffer.github.io/oauth2-server-php-docs/ and one of the settings 
there, under 
http://bshaffer.github.io/oauth2-server-php-docs/grant-types/refresh-token/  is 
a flag “always_issue_new_refresh_token” which is default false but can be set 
to true to give the user a new refresh token whenever the previous refresh 
token is used for creating a new access token.

Is there a setting or configuration in CAS that will enable the same behavior?

Thank you for your time.


Regards,
Anders Olsen
Software Developer



Tel +45 3328 3800
DOF / Birdlife Denmark | Vesterbrogade 140 | 1620 København V | www.dof.dk
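
The difference between the two refresh behaviours described in the post, as an added example that is not part of the original message and is neither CAS nor oauth2-server-php code. The `TokenEndpoint` class, the `simulate` helper, the 14-day refresh-token lifetime and the 7-day refresh cadence are assumptions made for illustration; only the flag name and the 28800-second access-token lifetime come from the post.

```python
import secrets

class TokenEndpoint:
    """Toy in-memory token endpoint (constructed for illustration)."""

    def __init__(self, always_issue_new_refresh_token, refresh_ttl, access_ttl=28800):
        self.rotate = always_issue_new_refresh_token
        self.refresh_ttl = refresh_ttl      # seconds; assumed value, not from the post
        self.access_ttl = access_ttl        # 28800 as in the responses in the post
        self.refresh_tokens = {}            # refresh token -> (user, expiry time)

    def _response(self, user, now, with_refresh):
        body = {"access_token": "AT-" + secrets.token_urlsafe(24),
                "token_type": "bearer", "expires_in": self.access_ttl}
        if with_refresh:
            token = "RT-" + secrets.token_urlsafe(24)
            self.refresh_tokens[token] = (user, now + self.refresh_ttl)
            body["refresh_token"] = token
        return body

    def password_grant(self, user, now):
        # Credential verification is omitted: assume the password was checked.
        return self._response(user, now, with_refresh=True)

    def refresh_grant(self, refresh_token, now):
        user, expiry = self.refresh_tokens.get(refresh_token, (None, 0))
        if user is None or now >= expiry:
            self.refresh_tokens.pop(refresh_token, None)
            raise PermissionError("invalid_grant")
        if self.rotate:
            # Rotation makes the presented token single-use: revoke it
            # before the replacement is issued.
            del self.refresh_tokens[refresh_token]
        return self._response(user, now, with_refresh=self.rotate)


def simulate(rotate, days=60, refresh_every_days=7):
    """Return the day the client is forced back to a credential login, or None."""
    day = 86400
    server = TokenEndpoint(rotate, refresh_ttl=14 * day)
    rt = server.password_grant("alice", now=0)["refresh_token"]
    for d in range(refresh_every_days, days + 1, refresh_every_days):
        try:
            resp = server.refresh_grant(rt, now=d * day)
        except PermissionError:
            return d
        # Client side: store the new refresh token if one came back,
        # otherwise keep using the one already held.
        rt = resp.get("refresh_token", rt)
    return None
```

With the flag off, the single refresh token ages out and the simulated client is locked out on day 14; with it on, every refresh replaces the token and the previous one is rejected if it is presented again.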