[ https://issues.apache.org/jira/browse/CXF-6692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15411801#comment-15411801 ]
Sergey Beryozkin commented on CXF-6692: --------------------------------------- It should be configurable how to represent a token, for example, by default it is a binary value pointing to DB and the RS filters need to call the introspection service. Token in a JWS or JWE format becomes much more verbose - though RS may choose to validate it locally > Update AbstractOAuthDataProvider to support JWT access tokens > ------------------------------------------------------------- > > Key: CXF-6692 > URL: https://issues.apache.org/jira/browse/CXF-6692 > Project: CXF > Issue Type: Improvement > Components: JAX-RS Security > Reporter: Sergey Beryozkin > Assignee: Sergey Beryozkin > Fix For: 3.2.0, 3.1.8 > > > CXF already ships DefaultEncryptingOAuthProvider which can be used by the > servers to avoid storing the OAuth2 model, it uses a custom seriallization > format. It makes sense to offer a provider which uses a JWT token as a > properties container before encrypting it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)