Shouldn't we know upfront if need to refresh an access token

1ap / google-api-python-client

Automatically exported from code.google.com/p/google-api-python-client

Other

0 stars 0 forks source link

Shouldn't we know upfront if need to refresh an access token #200

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

I usually get a 'Refreshing due to a 401' even though the client should/could 
have known that the access_token already exired; thus saving one url_fetch

In the new_request() inside of OAuth2Credentials.authorize() the

    if not self.access_token:

should be 

    if self.access_token_expired:

or:

    if not self.access_token or self.access_token_expired:

Original issue reported on code.google.com by herr.ka...@gmail.com on 30 Sep 2012 at 5:23

GoogleCodeExporter commented 8 years ago

Working as intended. 

Tokens should only be refreshed if they are known to be expired, which you only 
know if you get a 401. If an OAuth 2.0 service is overloaded it can lighten the 
load by allowing access_tokens to be used beyond their normal lifetime, but 
that will only happen if clients use access_tokens until they get an explicit 
401.

Original comment by jcgregorio@google.com on 30 Sep 2012 at 7:53

Changed state: WontFix

GoogleCodeExporter commented 8 years ago

Ty. But actually google never extended the lifetime of my access_tokens.

Original comment by herr.ka...@gmail.com on 1 Oct 2012 at 12:18

GoogleCodeExporter commented 8 years ago

Issue 330 has been merged into this issue.

Original comment by jcgregorio@google.com on 11 Mar 2014 at 1:29