Persist Auth

[elkolotfi]

Actually, client details and tokens are stored in memory. Naturally this is not the best as it creates a strong coupling between the service and the data it manages.

Hence, I made this pull request to manage the authentication data on a separate container. I also shared the image on a docker repo (feel free to use your own repo if you prefer).

At your disposition for further information and/or discussion :)

[vasilaio]

In my opinion, persistent client store is best suitable when there are dynamic clients registration or when clients details can be updated in a running application. Since all clients are known upfront there is no need for such functionality. It introduces a new container just to store "static" oauth2 client configuration.

[elkolotfi]

Hi @vasilaio I agree with you about client details. Even if using mysql allow to change client informations without needing to restart the auth service. It is true that it's also a use case that shouldn't happen often but it's a plus.

On the other hand, it's better to store tokens (and refresh tokens) on a database in spite of having them on memory. Thus, we keep the information even if auth stops for some reason. Of course, keeping tokens in memory should be okay for demo purpose, but it's hard to use the app that way on production.