Hello everyone,

We are developing a mobile application that uses CAS to connect to all of 
our services. To maintain the CAS connection, we use the OAuth protocol and 
retrieve an RT, AT, and TGT during the initial login.

If needed, the connection can then be renewed using the RT, which allows us 
to obtain a new AT. On the other hand, we use the TGT to authenticate 
across all of our services, which are already configured to work with the 
CAS server via the CAS protocol (and not the OAuth protocol).

Thus, in our mobile application, we use webviews and pass the TGT as a 
cookie to the webview to access our services once logged in (which works 
correctly).

However, we encounter a problem during the AT renewal. When we renew it, we 
do get a new AT, but it refers to the initial TGT (the one from the first 
login). However, after a certain amount of time this TGT is no longer valid 
according to its expiration policy.

We find CAS’s behavior in this regard to be strange: when the TGT is 
expired, it is removed from the ticket registry, but when the AT is 
renewed, the TGT (even if expired) is stored back in the ticket registry, 
even though it is invalid.
Thus, if we use the TGT, it is detected as invalid and is removed from the 
ticket registry, but the AT still refers to it.

Is this behavior normal and expected? What do you recommend for persistent 
authentication on a mobile application? We found the OAuth protocol to be 
suitable, but maybe there is a better approach. We are using CAS 7.0.4.

Thank you in advance for your assistance.

Best regards
