Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-18961

Improve Refresh Token lifecycle management in Live Connect

    XMLWordPrintable

    Details

      Description

      For service like Box, the refresh token is valid until 60 days and could be used only once to get a new access token.

      As the credential retrieving could be concurrent, two threads could ask an access token refresh with the same refresh token.
      First one will work and the new access token and refresh token will be saved in DB. But as the second one won't work, values saved in DB at this time will be a null access token and the old refresh token (one which is invalid at this moment).

        Attachments

          Issue Links

          is required by

          Bug - A problem which impairs or prevents the functions of the product. NXP-19608 Deadlock due to synchronized lock in AbstractLiveConnectBlobProvider.getCredential

          • Major - Major loss of function.
          • Resolved

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NXP-18642 Nuxeo Live Connect For Box

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: