royclarkson / spring-rest-service-oauth

A simple OAuth protected REST service built with Spring Boot and Spring Security OAuth

Custom Access and Refresh OAuth2 Token?

philippeboyd opened this issue

Hey guys,

I know the tokens Spring generates are UUID-formatted strings. One of my concerns is that it's not really "unique"; it is possible for the UUID to create a token exactly the same as a previous one (of course the odds are VERY small but still possible).

I'm using a database to store my user's token and I'm not sure if Spring checks if the token already exists before creating one in the database?

My second question is: is it possible to create my own token instead of the UUID format? I'd like to have a more "unique" token, like the current timestamp with the user's ID and username, and then hash everything, and that will be my token instead of 49784c38-43b1-.....

I already have a custom TokenEnhancer that I use to add custom info when returning the token to the client but how can I create a custom token before saving it in my database?

Thanks for your help!

Hi, I recommend asking at Stack Overflow. Others may have more information on how to accomplish this. Regarding the use of UUIDs, I'm not sure there is really a concern about uniqueness. If you feel it is a bug or enhancement, then please open an issue on the Spring Security OAuth project. Thanks!
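
For the two questions in this thread, an added example (not code from this repository or from Spring Security OAuth): it evaluates the birthday-bound collision probability for random (version 4) UUIDs, which carry 122 random bits, and shows a store that rejects a duplicate token value atomically rather than relying on the odds. It uses only the JDK; the `TokenStore` class, its in-memory map, the user names and the retry count are hypothetical stand-ins for the token table and its surrounding code.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class TokenUniquenessDemo {
    // Birthday bound: p is about 1 - exp(-n^2 / 2^(bits+1)) for n random values of `bits` bits.
    static double collisionProbability(double n, int bits) {
        return -Math.expm1(-(n * n) / Math.pow(2, bits + 1));
    }

    // Hypothetical stand-in for the token table. In a real database a UNIQUE
    // constraint on the token column gives the same guarantee.
    static final class TokenStore {
        private final Map<String, String> tokenToUser = new ConcurrentHashMap<>();

        // Atomic insert-if-absent: returns false when the value already exists.
        boolean insert(String token, String user) {
            return tokenToUser.putIfAbsent(token, user) == null;
        }
    }

    private static final SecureRandom RNG = new SecureRandom();

    // 256 random bits, URL-safe. Unlike a hash of timestamp + user ID + username,
    // the value cannot be recomputed by someone who knows those inputs.
    static String randomToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Retry on a rejected duplicate instead of assuming uniqueness.
    static String issue(TokenStore store, String user) {
        for (int attempt = 0; attempt < 3; attempt++) {
            String token = randomToken();
            if (store.insert(token, user)) return token;
        }
        throw new IllegalStateException("token store rejected 3 random tokens");
    }

    public static void main(String[] args) {
        System.out.printf("P(collision), 1e9 UUIDv4: %.3e%n", collisionProbability(1e9, 122));
        TokenStore store = new TokenStore();
        String uuidToken = UUID.randomUUID().toString();
        System.out.println("first insert accepted:  " + store.insert(uuidToken, "alice"));
        System.out.println("second insert accepted: " + store.insert(uuidToken, "bob"));
        System.out.println("issued: " + issue(store, "alice"));
    }
}
```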