Spring Security Support Reactive One-Time Tokens in a Clustered Environment

To support reactive one-time token login for a clustered environment, need to implement R2dbcReactiveOneTimeTokenService or something like this.

Comment From: jzheaux

Agreed, @franticticktick. Are you able to submit a PR to add this?

Comment From: franticticktick

Hi @jzheaux , I will be submitting a PR in the next couple of days, could you assign this issue to me please?

Comment From: franticticktick

@jzheaux I would like to ask you for advice, I’m not sure how best to implement the ability to delete expired tokens. JdbcOneTimeTokenService has a taskScheduler that does the cleanup:

    private ThreadPoolTaskScheduler createTaskScheduler(String cleanupCron) {
        if (cleanupCron == null) {
            return null;
        }
        ThreadPoolTaskScheduler taskScheduler = new ThreadPoolTaskScheduler();
        taskScheduler.setThreadNamePrefix("spring-one-time-tokens-");
        taskScheduler.initialize();
        taskScheduler.schedule(this::cleanupExpiredTokens, new CronTrigger(cleanupCron));
        return taskScheduler;
    }

For R2dbcReactiveOneTimeTokenService I can try to implement this via Flux.intervalor Scheduler.schedulePeriodically but this does not provide the same API as JdbcOneTimeTokenService. Maybe we should suggest calling the cleanupExpiredTokens method in a background task in the client code?