What is the use of JdbcApprovalStore(ApprovalStore) in spring-security-oauth?

Question

I am using JWTTOkenStore in spring-security-oauth.

The issue I am facing is I want to add support of revoking JWT token. I know there are other options to handle this but I am looking for this option. I found that we can use org.springframework.security.oauth2.provider.approval.JdbcApprovalStore for the same. Is my understanding correct? I really searched on internet for some example, but I did not find any.

    /**
     * ApprovalStore to be used to validate and restrict refresh tokens.
     * 
     * @param approvalStore the approvalStore to set
     */
    public void setApprovalStore(ApprovalStore approvalStore) {
        this.approvalStore = approvalStore;
    }

Can someone please explain me briefly what is the use JdbcApprovalStore with JWTTokenStore?

Did you find a solution for this? – Deniss M. Apr 10 '18 at 09:12 — Deniss M., Apr 10 '18 at 09:12
Hi @027 did you solve this yet? Stuck on it – Enoobong Jun 14 '19 at 07:38 — Enoobong, Jun 14 '19 at 07:38

score 3 · Answer 1 · answered May 17 '19 at 15:55

Approval stores are used to manage the decisions (approvals) made by the users (accept or deny an app). These decisions can be stored on a db (jdbc), in memory or a third which is the TokenApprovalStore. In this one, the approvals are stored on the TokenStore itself. In your case, you would need this last one.

The use of JDBC with JWT is that, whenever a token is validated by the app, it would validate if the approval which appears inside of it is the same that the one stored on a certain place (jdbc, memory or tokenStore).

I hope this helps you, I'm just starting with OAUTH

What is the use of JdbcApprovalStore(ApprovalStore) in spring-security-oauth?

1 Answers1