The present invention relates to managing information technology systems and software, and more particularly to extending an authorization standard in a scalable environment.
The OAuth 2.0 specification (RFC 6749) defines a framework that enables a third-party application to obtain limited access to a service, either on behalf of a resource owner by coordinating an approval interaction between the resource owner and the service, or by allowing the third-party application to obtain access on its own behalf.
A typical OAuth 2.0 implementation (i) associates each access token with a particular refresh token and (ii) gives the access token a limited lifetime, after which it is invalid. Many implementations also invalidate the previous access token when the refresh token is used, and some rotate the refresh token itself on use, revoking the old one; RFC 6749 permits both behaviors but does not require them, so an application cannot assume that a refresh token it holds remains usable after another holder has used it.
In a cloud or cloud integration environment, it is common to bring up multiple instances of an application for load balancing and failover, where each instance holds a copy of the same access token and refresh token. In some situations, several different applications also use copies of the same tokens. Each instance must therefore include logic to refresh the token when it has expired or been invalidated. In such an environment, a refresh performed by one instance or application leaves the other instances or applications holding invalid tokens, because the tokens are shared: the old access token is invalidated by the refresh, and where the authorization server rotates refresh tokens, the shared refresh token is revoked as well, so the other instances can neither use their copy of the access token nor refresh it. Every instance must then obtain the refreshed token before it can make a valid request. Furthermore, an instance or application may hold an invalid token indefinitely, which leads to application failure, increased load on the server from repeated failed requests and refresh attempts, and decreased throughput of the server and the application.
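The failure mode described above, as an added simulation that is not part of the original document: several instances hold copies of one access token and its refresh token, the access token expires, and each instance tries to refresh on its own. The authorization server is simulated, and it is assumed to rotate refresh tokens on use and to invalidate the access token associated with a used refresh token (both permitted by RFC 6749). The token strings, the instance count and the SharedTokenStore mitigation are constructed for this example; the store illustrates one common coordination approach and is not the method claimed by the document.

```python
"""Shared-token refresh across application instances (added example).

Simulated authorization server (assumption: rotates refresh tokens on use
and revokes the access token tied to the used refresh token). The naive
path has every instance refresh with its own copy; the coordinated path
routes refreshes through one shared, versioned token record.
"""
import itertools
import threading


class AuthServer:
    """Simulated token endpoint; not a real OAuth 2.0 server."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._lock = threading.Lock()
        self._access_for = {}      # refresh token -> its associated access token
        self._valid_access = set()
        self.refresh_calls = 0     # load observed at the token endpoint

    def issue(self):
        n = next(self._ids)
        access, refresh = f"at-{n}", f"rt-{n}"   # constructed token values
        self._access_for[refresh] = access
        self._valid_access.add(access)
        return access, refresh

    def expire(self, access):
        """Access token lifetime elapsed."""
        self._valid_access.discard(access)

    def refresh(self, refresh):
        with self._lock:
            self.refresh_calls += 1
            if refresh not in self._access_for:
                # RFC 6749 section 5.2 error code for a revoked or unknown refresh token
                raise PermissionError("invalid_grant")
            # Rotation: revoke the old refresh token and its associated access token.
            self._valid_access.discard(self._access_for.pop(refresh))
            return self.issue()

    def call_api(self, access):
        """Resource request; True when the bearer token is still accepted."""
        return access in self._valid_access


def run_naive(n_instances):
    """Each instance refreshes with its own private copy of the refresh token."""
    server = AuthServer()
    access, refresh = server.issue()
    instances = [[access, refresh] for _ in range(n_instances)]  # shared copies
    server.expire(access)
    ok = 0
    for inst in instances:
        if not server.call_api(inst[0]):
            try:
                inst[0], inst[1] = server.refresh(inst[1])
            except PermissionError:
                pass  # refresh token already rotated by another instance: stuck
        ok += server.call_api(inst[0])
    return {"ok": ok, "failed": n_instances - ok, "refresh_calls": server.refresh_calls}


class SharedTokenStore:
    """One token record shared by all instances (constructed mitigation, e.g. a
    row in a shared database or cache updated atomically). The version lets a
    caller refresh only if nobody else has done so since it read the record."""

    def __init__(self, access, refresh):
        self._lock = threading.Lock()
        self.version, self.access, self._refresh = 1, access, refresh

    def snapshot(self):
        with self._lock:
            return self.version, self.access

    def refresh_if_stale(self, server, seen_version):
        with self._lock:
            if self.version == seen_version:   # no refresh since the caller's read
                self.access, self._refresh = server.refresh(self._refresh)
                self.version += 1
            return self.version, self.access   # otherwise reuse the fresh record


def run_coordinated(n_instances):
    """Instances refresh through the shared record; one refresh serves all."""
    server = AuthServer()
    store = SharedTokenStore(*server.issue())
    views = [store.snapshot() for _ in range(n_instances)]
    server.expire(views[0][1])
    ok = 0
    for version, access in views:
        if not server.call_api(access):
            version, access = store.refresh_if_stale(server, version)
        ok += server.call_api(access)
    return {"ok": ok, "failed": n_instances - ok, "refresh_calls": server.refresh_calls}


if __name__ == "__main__":
    print("naive      :", run_naive(4))
    print("coordinated:", run_coordinated(4))
```

With four instances, the naive path leaves three of them holding tokens that can be neither used nor refreshed and costs the server four refresh calls, while the coordinated path makes one refresh call and every instance recovers. The instances run sequentially here so the outcome is deterministic; in a real deployment they race, which is why the shared record's check-and-refresh must be atomic (a lock here, a conditional update in a shared database or cache in practice).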