0

Do you know what is the purpose of the OAUTH_CLIENT_TOKEN table in a JDBC implementation of a Spring Oauth2 server ?

It seems that the table is never populated, however when a client obtains a token using "client credentials", its token is saved into OAUTH_ACCESS_TOKEN and not into OAUTH_CLIENT_TOKEN with a null username.

Here is the tables schemas very similar actually.

drop table if exists oauth_client_token;
create table oauth_client_token
(
    token_id          VARCHAR(255),
    token             LONGBLOB,
    authentication_id VARCHAR(255),
    user_name         VARCHAR(255),
    client_id         VARCHAR(255)
);

drop table if exists oauth_access_token;
create table `oauth_access_token`
(
    token_id          VARCHAR(255),
    token             LONGBLOB,
    authentication_id VARCHAR(255) PRIMARY KEY,
    user_name         VARCHAR(255),
    client_id         VARCHAR(255),
    authentication    LONGBLOB,
    refresh_token     VARCHAR(255)
);

Also the configuration into the AuthorizationServerConfigurerAdapter

@Bean
public JdbcClientTokenServices clientTokenServices() {
    return new JdbcClientTokenServices(this.dataSource);
}

@Bean
public TokenStore tokenStore() {
    return new JdbcTokenStore(this.dataSource);
}
kaizokun
  • 926
  • 3
  • 9
  • 31
  • It looks like you are referring to a table in the legacy [`spring-security-oauth` project](https://spring.io/projects/spring-security-oauth). This project is [deprecated](https://spring.io/blog/2020/05/07/end-of-life-for-spring-security-oauth). Please migrate to a supported version of Spring Security for OAuth 2.0 client support. You can follow the official migration guide [here](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide). – Eleftheria Stein-Kousathana Nov 17 '21 at 14:57
  • @EleftheriaStein-Kousathana Thanks I didn't know it was deprecated... I found another topic about a new authorisation server [here](https://stackoverflow.com/questions/59273338/what-is-the-replacement-for-the-deprecated-authorizationserver-in-spring-securit) – kaizokun Nov 17 '21 at 17:12

1 Answers1

1

That table doesn't seem to be used anymore. The legacy Spring oauth2 authorization server will reach end of live in may 22.

kaizokun
  • 926
  • 3
  • 9
  • 31