Thread: Invalidate provider session

  1. #1
    Join Date
    Oct 2010
    Posts
    2

    Invalidate provider session

    We are using version 3.19.SS3 with Spring Security 3.0.3.

    We would like to not block access to the provider site when a user logs out of the consumer site.

    Is there a call to invalidate the provider's access token when the user logs out of the consumer application?

    Thanks

  2. #2

    Spring Web Flow migration from 1.0.4 to 2.0

    Hi everyone,
    I am migrating my application from Spring-webflow.1.0.4 to spring-webflow.2.0.
    I am getting compilation errors that ApplicationView and ViewSelection are not resolved. Please help me with any other solution regarding this.

  3. #3

    Quote Originally Posted by mdevendar@gmail.com
    Hi everyone,
    I am migrating my application from Spring-webflow.1.0.4 to spring-webflow.2.0.
    I am getting compilation errors that ApplicationView and ViewSelection are not resolved. Please help me with any other solution regarding this.
    Dude, this is the OAuth forum...pick the Web Flow forum if you have troubles with Web Flow: http://forum.springsource.org/index.php

  4. #4
    Join Date
    May 2008
    Location
    Salt Lake City
    Posts
    167

    Quote: We would like to not block access to the provider site when a user logs out of the consumer site.
    Wait... I don't get it... I presume by your question that you want to invalidate the access token on the provider-side when the user logs out. Is that right?

    Quote: Is there a call to invalidate the provider's access token when the user logs out of the consumer application?
    The OAuth spec doesn't specify how a consumer can invalidate a provider access token, nor does it specify the lifecycle of the token. It's left up to the implementors to do that.

    Basically, you'll have to write custom code to invalidate the access token since the way to do that is custom to the provider.

  5. #5
    Join Date
    Oct 2010
    Posts
    2

    Thanks for the reply.

    Sorry, the first line should read "block access to the provider site when the user logs out of the consumer site".

    We currently found a workaround using the logout URL of the provider defined in the <form-login/> element. This destroys the session, which seems to be storing the OAuth token. So when the user logs out of the consumer site, an HTTP GET is sent to the provider logout URL as well. Not very elegant.

    Quote Originally Posted by stoicflame
    Wait... I don't get it... I presume by your question that you want to invalidate the access token on the provider-side when the user logs out. Is that right?

    The OAuth spec doesn't specify how a consumer can invalidate a provider access token, nor does it specify the lifecycle of the token. It's left up to the implementors to do that.

    Basically, you'll have to write custom code to invalidate the access token since the way to do that is custom to the provider.
