简体繁体中英

WSO2IS access token refreshed for disabled user

原文 2020-05-24 06:43:09 9 1 wso2/ wso2is

In WSO2 Identity Server 5.9.0 I am using OAuth 2.0 Authorization Code. Access tokens are short-lived and are refreshed by refresh tokens. It implements current recommendation for SPAs and it works fine.

I also configured account disabling and I though that when I disable user which holds refresh token the user won't be able to get new access token. But /oauth2/token endpoint is issuing new tokens no matter if user is disabled or not. Is this expected? How can I deny given user to refresh access token?

1 answers

I found a workaround. If locking is used instead of disabling then it works as expected. Submitted issue to WSO2.

WSO2is Use SOAP services with Access Token

Use WSO2IS to configure user access to entities

WSO2is SCIM auth user

Error in obtaining token From wso2IS STS

WSO2IS access from within an iframe

WSO2IS Illegal access attempt WARNING

Can't access EntitlementService Webservice on wso2is

How to allow CORS access in WSO2IS 5.10.0

Restricted User for SOAP API on WSO2IS

Authorize the Service Provider token with using the username and password in WSO2IS?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WSO2is Use SOAP services with Access Token Use WSO2IS to configure user access to entities WSO2is SCIM auth user Error in obtaining token From wso2IS STS WSO2IS access from within an iframe WSO2IS Illegal access attempt WARNING Can't access EntitlementService Webservice on wso2is How to allow CORS access in WSO2IS 5.10.0 Restricted User for SOAP API on WSO2IS Authorize the Service Provider token with using the username and password in WSO2IS?

Related Tags

WSO2IS access token refreshed for disabled user

Question

1 answers

solution1 0 ACCPTED 2020-05-26 05:26:53

solution1
0 ACCPTED 2020-05-26 05:26:53