AccessToken expiry... #7

Open
brockgr opened this issue Feb 6, 2012 · 3 comments

@brockgr
Contributor

brockgr commented Feb 6, 2012

In the AuthController, when a client is granted an access token (an AccessGrant instance) and start_expiry_period! is called, an expiry of two days is stored in the database. However, the AuthController then goes on to send an expires_in of Devise.timeout_in to the client, which in my case seems to be 30 minutes.

Unless I'm mistaken (which is quite possible!), shouldn't the expires_in be read from the AccessGrant, or both of these read from Devise.timeout_in?

If you have a preference for which, I'll put in a pull request.

Regards,

Gavin

@gautamrege
Member

You're right. I would rather keep expires_in as Devise.timeout_in.

Do send me a pull request.

@brockgr
Contributor Author

brockgr commented Feb 7, 2012

Please find the referenced pull to set the AccessGrant life.

I'm suspecting there is still more work to do regarding renewing expiring tokens - there is currently no handling of refreshes - is that right? From what I see, the oauth2 client will call the auth_controller access_token with "grant_type"=>"refresh_token" and the refresh_token. It seems that the auth-provider will need to handle that.

@gautamrege
Member

Yup - I don't think I handle a token refresh.

When I set this up the first time (earlier version of oauth), refresh_token call was redirecting to a sign-in (i.e. refresh was not working at all). I upgraded to the latest oauth2 version but I guess that got left out - thanks for pointing it out.

I'll fix that.
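
An added example, not part of the thread or the project's code: a plain-Ruby sketch of the two points discussed above, deriving expires_in from the stored expiry and handling "grant_type"=>"refresh_token". TOKEN_LIFETIME (standing in for Devise.timeout_in), the in-memory AccessGrant, rotate_refresh_token! and token_response are assumptions for illustration; rotating the refresh token on use is an added hardening choice, not something the thread specifies.

```ruby
require "securerandom"

# Stand-in for Devise.timeout_in (30 minutes in the thread); a constant so this runs without Rails.
TOKEN_LIFETIME = 30 * 60 # seconds

# Hypothetical in-memory AccessGrant; the real model is a database-backed class.
class AccessGrant
  attr_reader :access_token, :refresh_token, :expires_at

  def initialize
    @refresh_token = SecureRandom.hex(16)
  end

  # Issue a fresh access token and store its expiry from the single lifetime setting.
  def start_expiry_period!(now = Time.now)
    @access_token = SecureRandom.hex(16)
    @expires_at = now + TOKEN_LIFETIME
  end

  # expires_in is computed from the stored expiry, so client and database cannot disagree.
  def expires_in(now = Time.now)
    [(@expires_at - now).to_i, 0].max
  end

  def expired?(now = Time.now)
    now >= @expires_at
  end

  # Replace the refresh token so a used (or stolen) one cannot be replayed.
  def rotate_refresh_token!
    @refresh_token = SecureRandom.hex(16)
  end
end

# Hypothetical token endpoint covering only the refresh grant discussed in the thread.
def token_response(grants, params, now = Time.now)
  return { error: "unsupported_grant_type" } unless params["grant_type"] == "refresh_token"
  grant = grants.find { |g| g.refresh_token == params["refresh_token"] }
  return { error: "invalid_grant" } if grant.nil? # unknown, missing or already-used token
  grant.rotate_refresh_token!
  grant.start_expiry_period!(now)
  { access_token: grant.access_token, refresh_token: grant.refresh_token,
    expires_in: grant.expires_in(now) }
end
```
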
