Remove Token Persistance

[dushaniw]

Overview

Currently although we are generating JWT tokens for access tokens, we persist the token details in the DB. The expectation is that we don't persist this token details in the DB. In simple words, generate the JWT token in-memory and return.

Tasks

• POC - Verify token persistence removal can be done by only implementing the AccessTokenDao interface #571
• Finalize Design Document for token generation, revocation, validation and refresh
• Implementation for token generation, revocation, validation and refresh
  • Handle token revocation for access token
  • Handle token revocation for refresh token
  • Handle Single use of Refresh Token
  • Validate Introspection Flow
  • Validate UserInfo endpoint
• Design for handling indirect token revocation events
• Implementation for indirect token revocation event handling
  • Handle user activities related revocation flows
  • Validate Application deletion
  • Handle revocation of tokens during consumer secret regeneration
• Writing unit test cases
• Testing
  • Performance Testing
  • Load Testing
  • Regression Testing
  • Validate Publisher, Store, Admin UIs - Logins and other flows
• Implementation for migration if any

[dushaniw]

duplicate of #1664