Do you know what is the purpose of the OAUTH_CLIENT_TOKEN table in a JDBC implementation of a Spring Oauth2 server ?
It seems that the table is never populated, however when a client obtains a token using "client credentials", its token is saved into OAUTH_ACCESS_TOKEN and not into OAUTH_CLIENT_TOKEN with a null username.
Here is the tables schemas very similar actually.
drop table if exists oauth_client_token;
create table oauth_client_token
(
token_id VARCHAR(255),
token LONGBLOB,
authentication_id VARCHAR(255),
user_name VARCHAR(255),
client_id VARCHAR(255)
);
drop table if exists oauth_access_token;
create table `oauth_access_token`
(
token_id VARCHAR(255),
token LONGBLOB,
authentication_id VARCHAR(255) PRIMARY KEY,
user_name VARCHAR(255),
client_id VARCHAR(255),
authentication LONGBLOB,
refresh_token VARCHAR(255)
);
Also the configuration into the AuthorizationServerConfigurerAdapter
@Bean
public JdbcClientTokenServices clientTokenServices() {
return new JdbcClientTokenServices(this.dataSource);
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(this.dataSource);
}
That table doesn't seem to be used anymore. The legacy Spring oauth2 authorization server will reach end of live in may 22.