Thank you for your answer. I have a bit of a concern about making the refresh tokens never expire, since that would increase the possibility of intercepting the refresh token. I'll have a poke at the code and see if I can possibly make a new flag in the properties that users can set, and then make a pull request.
Regards
Anders Olsen

On Thursday, February 1, 2018 at 14:48:02 UTC+1, Misagh Moayyed wrote:
>
> There isn't, but you can design an expiration policy for the relevant
> tokens so they don't ever expire.
>
> --Misagh
>
> ------------------------------
>
> *From: *"Anders Olsen" <[email protected]>
> *To: *[email protected]
> *Sent: *Thursday, February 1, 2018 4:06:54 AM
> *Subject: *[cas-user] [OAuth2] Generate new refresh token when using a
> previous refresh-token
>
> Hi everyone!
>
> I am currently working on setting up CAS as the new SSO solution for our
> website.
>
> In addition to a traditional website, we also have native apps for Android
> and (soon) iOS that use OAuth2 to authenticate as they need to have
> offline capability and thus cannot use a regular session.
>
> I have got most of the OAuth2 functionality to work, using this service
> definition:
>
>     {
>       "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>       "clientId": "XXX",
>       "clientSecret": "XXXXX",
>       "generateRefreshToken" : true,
>       "jsonFormat" : true,
>       "supported_grants" : ["password", "refresh_token"],
>       "name" : "OAuth2 (Android)",
>       "id" : 201801311512
>     }
>
> (Client ID and Secret have been obfuscated.)
>
> This also works fine to gain access tokens:
>
> Using password:
>
>     {
>       "access_token": "AT-1-82jDv1D3pkvex5C1UYjKreBdhhw5omzc",
>       "token_type": "bearer",
>       "expires_in": 28800,
>       "refresh_token": "RT-1-so451CeJyePgl2RmXnefODw0nV9jTAgX"
>     }
>
> Using refresh token:
>
>     {
>       "access_token": "AT-2-7a6-eLsKlX9-jyYynqFjTqsneLE8WnlN",
>       "token_type": "bearer",
>       "expires_in": 28800
>     }
>
> However, this means that when the refresh token expires, the user is
> totally shut out of CAS and has to re-login with his credentials.
>
> I would like for the user to never have to login again after logging in
> the first time.
>
> Our previous OAuth2 server is based on
> http://bshaffer.github.io/oauth2-server-php-docs/ and one of the settings
> there, under
> http://bshaffer.github.io/oauth2-server-php-docs/grant-types/refresh-token/
> is a flag "always_issue_new_refresh_token" which is default false but can
> be set to true to give the user a new refresh token whenever the previous
> refresh token is used for creating a new access token.
>
> Is there a setting or configuration in CAS that will enable the same
> behavior?
>
> Thank you for your time.
>
> Regards,
>
> *Anders Olsen*
> Software Developer
>
> Tel +45 3328 3800
>
> DOF / Birdlife Denmark | Vesterbrogade 140 | 1620 København V | www.dof.dk
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B91F9D1-39B8-4549-9AE7-5C4A4E946AF2%40dof.dk
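The behaviour asked about in this thread (a new refresh token every time the previous one is used), sketched as an added example that is not CAS code and not part of the original messages. It goes one step beyond the "always_issue_new_refresh_token" idea by also revoking a token family when an already-used refresh token is presented again; the class name, the 14-day sliding lifetime and the in-memory store are assumptions made for illustration.

```python
import secrets
import time

REFRESH_TTL = 14 * 24 * 3600   # assumed sliding lifetime, in seconds
ACCESS_TTL = 28800             # same expires_in as the responses in the thread


class RotatingTokenStore:
    """In-memory model of a token endpoint that rotates refresh tokens."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.refresh = {}      # token -> {"family", "expires", "used"}
        self.revoked = set()   # families revoked after reuse was detected

    def _issue(self, family):
        rt = "RT-" + secrets.token_urlsafe(24)
        self.refresh[rt] = {"family": family,
                            "expires": self.clock() + REFRESH_TTL,
                            "used": False}
        return {"access_token": "AT-" + secrets.token_urlsafe(24),
                "token_type": "bearer",
                "expires_in": ACCESS_TTL,
                "refresh_token": rt}

    def password_grant(self, user):
        # Credential check omitted; each login starts a new token family.
        return self._issue(family=(user, secrets.token_hex(8)))

    def refresh_grant(self, presented):
        rec = self.refresh.get(presented)
        if rec is None or rec["family"] in self.revoked:
            raise PermissionError("invalid_grant")
        if rec["used"]:
            # A consumed token came back: someone holds a stale copy
            # (possibly an interceptor), so end the whole family.
            self.revoked.add(rec["family"])
            raise PermissionError("invalid_grant")
        if self.clock() >= rec["expires"]:
            raise PermissionError("invalid_grant")
        rec["used"] = True
        return self._issue(rec["family"])   # new RT, lifetime slides forward
```

An app that refreshes at least once per lifetime window never has to ask for credentials again, while an intercepted refresh token is valid for at most one use and its replay forces a fresh login.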
