Saving authorization code generated in auth code grant type into database.

[patlollavishnu]

HI All,
We have recently introduced authorization code grant type in our OAuth application, and we have requirement to insert all the auth codes generated into database.

Can any one help what configuration we need to use to achieve this with help of JdbcVerificationCodeServices.

Thanks in advance..

[Dave Syer]

In think you mean JdbcAuthorizationCodeServices unless you are using a very old version of the library (in which case you should upgrade)? It's not particularly valuable in my opinion (I'd lik eto hear why you need it), but it should be easy to install and configure in your AuthorizationEndpoint. There is supposed to be an XML attribute in <authorization-server/authorization-code/> ("authorization-code-services-ref"). If it doesn't work it would be a bug.

[patlollavishnu]

Thank you Dave..
Yes.. We are using an old library. We have certainly need to migrate to higher version of OAUTH.
Please let me know for any official websites where i get the latest libraries..

[Dave Syer]

You can get it from Maven (instructions in the github wiki http://github.com/SpringSource/sprin.../wiki/download) or download or clone the sources from github (http://github.com/SpringSource/spring-security-oauth).

[patlollavishnu]

Thanks Dave..
Any how with the old library with below config. we are able to save the auth code in db.

<oauth:verification-code user-approval-page="/oauth/confirm_access" services-ref="verificationCodeServices" />


<beans:bean id="verificationCodeServices" class="org.springframework.security.oauth2.provide r.verification.JdbcVerificationCodeServices">
<beans:constructor-arg ref="dataSource" />
</beans:bean>

If any one has idea.. How long this code persists in db. Is this has any expiry? Any how it'll be deleted once we use it to produce the access token.

[Dave Syer]

How long this code persists in db. Is this has any expiry? Any how it'll be deleted once we use it to produce the access token.

The service deletes the codes once they are used. It probably does in the old version you are using, but you can easily find out by looking at the source code.