524faceb97
OAuth access tokens retrieved during login in the web UI are stored privately in OAuthSession. There is no possibility for a user to obtain that token, e.g. to authenticate with a native Git client. This patch adds a persistent cache for OAuth tokens and modifies OAuthSession to store tokens received during the login handshake with the OAuth provider in this cache. Since access tokens must be kept secret, the cache defines a new extension point OAuthTokenEncrypter. If an encrypter is provided, access tokens are encrypted before storing them in the cache, and decrypted when reading from the cache. By default, no encryption is applied. In subsequent patches a REST API for retrieving OAuth tokens will be added as well as a corresponding settings page. Change-Id: I751dd5f70dd30823bd2f531e1ac1da0759f98976 Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>