EJBCA / ECA-9046

Azure Key Vault: Use refresh token and expiration period to avoid round trip when bearer token expires

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Provenance: Internal Delivery

      Description

      Today we always react to a 401, and fetch a new access_token when the server says we need a new one. This implies an extra round trip to key vault.

      According to the docs:

      https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code

      The return of a successful authorization includes a refresh_token and expires_on, so we could know automatically when the bearer token is about to expire, and get a new one using the refresh token.

      This will save one round trip to key vault when the token expires. Not a huge win, but more OAuth2 compliant "how it should be done".
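
A sketch of the proactive renewal described above, added here as an illustration; it is not part of the issue or of EJBCA's code. The class, record and interface names are hypothetical, the token endpoint is abstracted behind an assumed interface, and expires_on is taken to be epoch seconds. The 401 path stays as a fallback, since the server can reject a token before expires_on, and the refresh token is kept only in memory because it is a longer-lived credential than the bearer token.

```java
import java.util.function.LongSupplier;

/** Added example, not EJBCA code; every type and method name here is hypothetical. */
public final class ProactiveTokenCache {
    /** Mirrors the access_token, refresh_token and expires_on (epoch seconds) response fields. */
    record Token(String accessToken, String refreshToken, long expiresOn) {}
    /** Assumed abstraction over the HTTP calls to the token endpoint. */
    interface TokenEndpoint {
        Token authenticate();               // full authentication
        Token refresh(String refreshToken); // grant_type=refresh_token
    }
    private final TokenEndpoint endpoint;
    private final LongSupplier nowEpochSeconds;
    private final long marginSeconds; // renew this early to absorb clock skew and latency
    private Token current;            // held in memory only, never logged

    ProactiveTokenCache(TokenEndpoint endpoint, LongSupplier nowEpochSeconds, long marginSeconds) {
        this.endpoint = endpoint;
        this.nowEpochSeconds = nowEpochSeconds;
        this.marginSeconds = marginSeconds;
    }
    /** Returns a bearer token with more than marginSeconds of lifetime left. */
    synchronized String bearerToken() {
        if (current == null) {
            current = endpoint.authenticate();
        } else if (nowEpochSeconds.getAsLong() + marginSeconds >= current.expiresOn()) {
            current = renew(current.refreshToken());
        }
        return current.accessToken();
    }
    /** Call on a 401: the server may reject a token before expires_on. */
    synchronized void invalidate() { current = null; }

    private Token renew(String refreshToken) {
        if (refreshToken == null) return endpoint.authenticate();
        try {
            return endpoint.refresh(refreshToken);
        } catch (RuntimeException e) { // refresh token rejected: authenticate from scratch
            return endpoint.authenticate();
        }
    }
    public static void main(String[] args) {
        long[] now = {1_000}; // constructed clock, epoch seconds
        TokenEndpoint fake = new TokenEndpoint() { // constructed stand-in for the token endpoint
            public Token authenticate() { return new Token("at-auth", "rt-1", now[0] + 3600); }
            public Token refresh(String rt) { return new Token("at-refreshed", rt, now[0] + 3600); }
        };
        ProactiveTokenCache cache = new ProactiveTokenCache(fake, () -> now[0], 300);
        System.out.println(cache.bearerToken()); // first use: full authentication
        now[0] += 3400;                          // now inside the 300 s margin before expires_on
        System.out.println(cache.bearerToken()); // renewed with the refresh token, no 401 needed
    }
}
```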

              People

              Assignee: Unassigned
              Reporter: Tomas Gustavsson

                  Time Tracking

                  Estimated: Original Estimate - 4 hours
                  Remaining: Remaining Estimate - 4 hours
                  Logged: Time Spent - Not Specified