Idea ID: 2787136

Store OAUTH Authorization Grant on an external database

Status: Waiting for Votes

Waiting for Votes

See status update history

Currently, we must store OAUTH Authorization Grants in an existing LDAP attribute.
The attribute must either be something that already exists (and is not specific to NAM), or the schema must be extended.
Not everyone is able or is willing to extend their schemas. Also, it may be risky to use an existing attribute that may be, in the future, used by some other program.

The request is to allow OAUTH Authorization Grant data to be stores on an external database.
As an alternative, it could also be stores on the local LDAP server, even if the user store is using an external LDAP server (ex.: Active Directory).
  • I'd also like to see an enhancement with regard to the grant/consent storage and have it separated from the authentication directory

    Add the capability to specify an external [non-authentication] LDAP or JDBC  data store to use for Authorization Grant LDAP Attribute storage (nidsOAuthGrant) value storage.
    Currently it is only possible to specify the attribute name if you chooses not to use the default of nidsOAuthGrant.
    The current functionality creates a limitation to a single data store in the authentication contract used.