OAuth 2 Enhancements

We need to add an option to the OAuth plugin to allow for refresh tokens to not be deleted when a new one is issued, and to add an option to allow for multiple access tokens per refresh token (they’ll be revoked when the TTL expires, but shouldn’t be revoked when a new access token is granted).

My question is, what’s the best way to implement these enhancements with the new database layer changes in 1.x? Also, is there a path to get these enhancements into the official OAuth 2 plugin?

@hbagdi can you or someone from the Kong team provide some insight here? This is a very important feature for us and I’m sure others in the Kong Community would benefit from this flexibility as well.

Please take a look at the following PR as a reference to create TTL-based tokens: https://github.com/Kong/kong/pull/4984

We have no plans of adding this support from our side, but a community-led PR can sure help here.