Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
359 views
in Technique[技术] by (71.8m points)

ruby on rails - Doorkeeper JWT without storing the whole jwt in database

We have an oauth server that uses doorkeeper. We want to start using doorkeeper jwt, but we can't turn it on for all oauth clients yet as some are out of our control and we are pretty sure they are storing the access tokens their apps receive in a varchar(255) column which won't work if we start to hand out JWT tokens for all apps. Also we don't really want to be storing the whole JWT in our database either if we can avoid it.

Our idea is to have doorkeeper generate an opaque access token for all apps first, and store that in the db. Then before return the opaque access token to the app, we check to see if the app has JWT tokens turned on and if so convert the opaque access token to a JWT access token using the opaque access token as the JWT's jti claim. We are thinking of utilizing the before_successful_strategy_response callback to convert to a JWT using the doorkeeper-jwt gem if the app has JWT access tokens enabled.

Then, when we get a request which has an access token, check to see if the access token is a JWT access token, and if so read the jti claim out of it and use that to load the access token from the db. We don't have a good place to hook into this at the moment. Right now we are thinking of monkey patching Doorkeeper::Oauth::Token in the from_request method to check to see if the token is a JWT before returning it, and if so, return the JWTs jti instead.

Does that seem like a reasonable approach? Is there another way without monkey patching Doorkeeper::Oauth::Token?

question from:https://stackoverflow.com/questions/66056762/doorkeeper-jwt-without-storing-the-whole-jwt-in-database

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

More recent versions of doorkeeper allow you to configure the access token model class as seen here: https://github.com/doorkeeper-gem/doorkeeper/blob/55488ccd9910e0c45ed4342617da8e026f4f55b5/lib/doorkeeper/oauth/token.rb#L17

So we can hook into the access token lookup there without resorting to monkey patching.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...