Skip to content

Un-encrypt access tokens #37038

New issue
New issue
Closed
Closed
Un-encrypt access tokens#37038
Assignees
jkakavas
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>refactoringv8.0.0-alpha1
@albertzaharovits

Description

@albertzaharovits
albertzaharovits
opened on Dec 31, 2018

Right now access tokens are encrypted (AES/GCM - authenticated encryption). Since 6.2, the access token is a random UUID, by which we pull the user token from the .security index (the format moved from a self-encoded token to an identifier). Hence, I don't think we require the confidentiality and integrity any longer.

Should we un-encrypt access tokens?

Metadata

Metadata

Assignees

Labels

:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>refactoringv8.0.0-alpha1

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions