Github user ilgrosso commented on the issue:
https://github.com/apache/syncope/pull/70
@IsurangaPerera I don't remember the details, but what I can see from the
source three is that `AccessTokenDataBinderImpl#create` is invoked in two
places:
1.
https://github.com/apache/syncope/blob/master/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java#L84
(plain login)
1.
https://github.com/apache/syncope/blob/master/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L549
(SAML 2.0 login)
The former provides `replaceExisting` as `false`, the latter as `true`.
From the code in `AccessTokenDataBinderImpl#create` I can see that:
* for plain login, JWT is generated only at first invocation
* for SAML 2.0 login, JWT is generated at every invocation, and existing
JWT is replaced if existing
Moreover, I cannot recall exactly why the UNIQUE constraint is not imposed
to AccessToken's `owner`.
---
