Make sure client credentials token gets refreshed
- Use spring security facilities to handle authorize requests
which at a same time handled re-authorization. As client credentials
flow don't have refresh tokens, spring security will simply check
token expire time with clock skew when to authorize.
- Clockskew on default is 60 seconds so you really need to test it with
i.e. 2min expire time.
- Fixes #3894
Re-authorize jwt with every request
- Instead of doing authorize request once, do it with
every request which will handle use of refresh token
if needed.
- Fixes #3882
Add bearer resolving to autoconfig
- Similar work done on a shell to be able to use bearer resolving
which is basically needed for jwt based setups.
- Relates #3748
Add jwt token support
- Conditionally use opaque or jwt token.
- Add support for using password grant with jtw tokens
in a shell.
- Relates #3748
- Relates #3827
