Java Architecture Diary
Apr 7, 2020 · Information Security
Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It
The article examines why the demo environment of pig4cloud returns an OAuth2 access token without the expires_in field, contrasts it with a local deployment, analyzes the Spring Security OAuth2 token generation code, and explains that according to the OAuth2 specification the expires_in parameter should be returned even for permanently valid tokens.
OAuth2Spring Securityaccess token
0 likes · 4 min read