AuthenticationClient caching user when creating OIDC access tokens about okta-auth-java HOT 5 CLOSED

Thanks @landon-shumway! This is NOT expected, caching is actually disabled:
https://github.com/okta/okta-auth-java/blob/master/impl/src/main/java/com/okta/authn/sdk/impl/client/DefaultAuthenticationClient.java#L68

The Javadoc is wrong, we will fix that (it was likely a copypasta from our Management SDK)

As for the cache issue, do you have any OKTA_* environment variables, or a ~/.okta/okta.yaml file.

from okta-auth-java.

We do not. We only set the URL to our Okta account which is defined as a static constant in the same Java class as that code snippet.

from okta-auth-java.

@landon-shumway Thanks for raising this! Just so I understand the issue better, how are you executing the /oauth2/v1/authorize call and the next /oauth2/v1/token call? In other words, I assume the Auth SDK is used only for the first session token call, right?

from okta-auth-java.

@arvindkrishnakumar-okta We use RestTemplate to call the /oauth2/v1/authorize endpoint, and then we extract the access token from the location header (this snippet if pulled together from several functions, so I apologize if I'm missing a step here):

ResponseEntity<String> response = restTemplate.exchange(authorizeUrl, HttpMethod.GET, entity, String.class);
URI location = response.getHeaders().getLocation();
 List<NameValuePair> queryValues = URLEncodedUtils.parse(location.getFragment(), Charsets.UTF_8);
 Optional<NameValuePair> accessToken =
     queryValues.stream().filter(x -> x.getName().equals(ACCESS_TOKEN_NAME)).findFirst();


return accessToken.get().getValue();

Yes, we were only using the Auth SDK to generate the OIDC session token. All of our other calls to Okta are made through RestTemplate.

from okta-auth-java.

@landon-shumway is this still an issue?

Feel free to reopen with comments if needed.

from okta-auth-java.