Hi, I noticed that when requesting an access token using the client credential grant type, the plugin always creates a new access token although one already exists and is still valid (assuming a valid client credential is given). This means that a consumer can generate unlimited access tokens, resulting in high database storage usage and possibly low performance in looking up the access token. Won’t this become a problem if there is a misconfigured or even malformed consumer with ill intentions?