Satosa OIDC Frontend without Database?
shaardie opened this issue · 1 comment
This is more of a question than an issue. I would have used the mailing list, but unfortunately the link to it is broken.
I saw some commit about stateless workflows for the OIDC Frontend, does that mean that there is no need for a database anymore for this use case?
According to the docs they are still required.
There has been some work on pyop to allow the frontend to work without a database. The way this works is by turning the tokens into JWTs and storing all the needed data within them.
While this approach works for certain use-cases, it has its own drawbacks. Most importantly, there is no way to revoke a token; the only mitigation is to change the signing key, thus rendering all tokens invalid. This forces you to keep the access_token active for a short period of time.
PS: sorry about the link, I will look into fixing it asap
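The trade-off described in the reply above, as an added illustration that is not pyop's or SATOSA's own code: a stateless token carries its session data in a signed JWT (HS256 via the standard library here, a simplification of what a real OP does), so verification needs no database lookup, and the only ways to invalidate a token are expiry or rotating the signing key, which kills every outstanding token at once. The key, claims and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_stateless_token(key: bytes, claims: dict, lifetime_s: int, now: int) -> str:
    """Pack the data the OP would otherwise persist into a signed JWT.
    A short lifetime is the only control over a token once issued, since
    nothing is stored server-side to revoke against."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = dict(claims, iat=now, exp=now + lifetime_s)
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def verify_stateless_token(key: bytes, token: str, now: int) -> Optional[dict]:
    """Return the claims if signature and expiry hold, else None.
    There is no lookup step, so an individual token cannot be revoked;
    changing `key` rejects every token signed with the old one."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    # Constructed example: key rotation is the only "revocation" available.
    old_key, new_key = b"signing-key-v1", b"signing-key-v2"
    tok = issue_stateless_token(old_key, {"sub": "alice", "client_id": "rp1"}, 300, 1_700_000_000)
    print(verify_stateless_token(old_key, tok, 1_700_000_100))  # claims
    print(verify_stateless_token(new_key, tok, 1_700_000_100))  # None
```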