Does the OIDC refresh token need any permanent cache?
henri.mikkonen at csc.fi
Tue May 12 14:09:39 UTC 2020
> Does the refresh token carry within it enough information for the IdP to issue a new id token? Or is there a permanent cache needed somewhere?
Yes: all the needed information is encoded inside the refresh_token (which is encrypted via data sealer). Depending on your attribute-resolver configuration, also the attribute/claim values might be included .
There’s no need (actually not even support at the moment) for any server-side cache/storage regarding them.
 https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/AttributeEncoderPluginConfiguration <https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/AttributeEncoderPluginConfiguration>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users