Skip to content

Support max_age parameter for OAuth2 authorization server #6493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chrylis opened this issue Jan 30, 2019 · 3 comments
Closed

Support max_age parameter for OAuth2 authorization server #6493

chrylis opened this issue Jan 30, 2019 · 3 comments
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)

Comments

@chrylis
Copy link

chrylis commented Jan 30, 2019

Pending #6320, I have an application where the OICD max_age parameter would be useful to have for forcing re-authentication before a sensitive operation. I'd like to include this feature in the new support.
@rwinch
Copy link
Member

rwinch commented Jan 31, 2019

Thanks for reaching out. Are you looking to provide this via the authorization server or the client (or both)?

@rwinch rwinch self-assigned this Jan 31, 2019
@rwinch rwinch added status: waiting-for-feedback We need additional information before we can continue in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jan 31, 2019
@chrylis
Copy link
Author

chrylis commented Jan 31, 2019

To my knowledge, this is a server-based operation; the client calls authorize and requests a specific limit on the time since the last active authentication (in many cases, zero to force a reauthentication for some specific operation such as a crypto withdrawal). I suppose that some sort of API support in the client could be useful, but at this point I don't have the experience I'd need to know what would be ergonomically appropriate.

@rwinch rwinch removed their assignment Jul 29, 2019
@jgrandja
Copy link
Contributor

The Spring Security team has decided to no longer provide support for Authorization Servers.

Please see the latest announcement on Spring Security OAuth 2.0 Roadmap Update.

@jgrandja jgrandja removed the status: waiting-for-feedback We need additional information before we can continue label Nov 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rwinch @chrylis @jgrandja