-
Background
Around 17:00 on Wednesday, the customer service center reported that the Guangdong platform had failed to synchronize data to the group platform. Hearing this, I had a vague guess about what was going on, but to verify my guess, I checked the relevant log information.
The token was not available, so I had to check it again and try to get off work at 18:00.
-
Business background
- For business reasons, the company deployed one main platform and multiple sub-platforms. Each sub-platform's user information and account information has to be synchronized to the main platform, so that a user can log in on the main platform and then choose, or jump directly to, the corresponding sub-platform. The synchronization logic is implemented over an HTTP interface.
- Because of earlier business needs and my predecessor's setup, the oauth_client_details table uses a single client_id with a refresh time set. This has a problem: if the token of node A is refreshed, the token of node B becomes invalid, and the Redis cache time set on each sub-platform may differ. This caused some sub-platforms to fail to synchronize data.
- I considered setting a different client_id for each sub-platform, but with the continuous growth of the business and the increasing number of sub-platforms, the maintenance cost was too high, so I discussed it with the stack manager and we decided to make the token a permanent token. Anyway, it is called between platforms and not exposed to the public.
-
The scene of the accident
The related configuration
I had looked this up before I set it.
If you set access_token_validity and refresh_token_validity to null, the default value of 12 hours is used. Call the Spring Security OAuth2 interface to get the token: /auth/oauth/token?grant_type=client_credentials
If expires_in is not returned, the token is permanent.
-
Correct configuration
Following the official instructions, find the relevant code:
org.springframework.security.oauth2.provider.token.DefaultTokenServices#createAccessToken
org.springframework.security.oauth2.common.DefaultOAuth2AccessToken#isExpired
If the access_token_validity value is negative, the access token never expires.
Call the relevant interface
Nice, I checked the time: 17:50. I can leave on time, ha ha ha!
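
The three access_token_validity cases discussed above (null, positive, negative), as an added example that is not part of the original post and is not Spring Security OAuth2 source code. It is a simplified model of the behaviour described for createAccessToken and isExpired; the class name, method names and sample values are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration: a simplified model, not the framework's own code.
public class TokenValidityDemo {
    // Default used when the client row stores null (12 hours, as stated in the post).
    static final int DEFAULT_ACCESS_TOKEN_VALIDITY = 60 * 60 * 12;

    // Resolve the effective validity: a null column falls back to the default.
    static int resolveValidity(Integer clientValidity) {
        return clientValidity != null ? clientValidity : DEFAULT_ACCESS_TOKEN_VALIDITY;
    }

    // An expiration is attached only for a positive validity; otherwise it stays null.
    static Instant expirationFor(Integer clientValidity, Instant issuedAt) {
        int seconds = resolveValidity(clientValidity);
        return seconds > 0 ? issuedAt.plusSeconds(seconds) : null;
    }

    // A token with no expiration is never reported as expired.
    static boolean isExpired(Instant expiration, Instant now) {
        return expiration != null && expiration.isBefore(now);
    }

    // expires_in appears in the token response only when an expiration exists.
    static String expiresIn(Instant expiration, Instant now) {
        return expiration == null
                ? "(absent)"
                : String.valueOf(Duration.between(now, expiration).getSeconds());
    }

    public static void main(String[] args) {
        Instant issuedAt = Instant.parse("2024-01-03T09:00:00Z"); // constructed sample time
        Instant later = issuedAt.plus(Duration.ofHours(13));      // one hour past the default
        Integer[] samples = {null, 3600, -1};                     // constructed sample values
        for (Integer v : samples) {
            Instant exp = expirationFor(v, issuedAt);
            System.out.printf("access_token_validity=%s expires_in=%s expiredAfter13h=%b%n",
                    v, expiresIn(exp, issuedAt), isExpired(exp, later));
        }
    }
}
```

Only the negative sample yields a token with no expires_in; the null sample still expires, which is why the sub-platforms lost synchronization after the earlier change.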
-
Conclusion
Before modifying a framework's built-in parameters, read through what the relevant settings mean. Do not be afraid of getting it wrong: be bold yet careful, hypothesize boldly, and verify hands-on.