Token refreshment (feature request)

[rellampec]

The authentication token for Google OAuth2 expires very soon. This is an issue because a user might be in the middle of an edit, and when clicking on SAVE will be prompted with the authentication screen (leading some times to lose all the changes of the last edit).

For security reasons, there is no way from the Cloud Application to change the expiry time on the OAuth 2.0 Client IDs under Credentials. However, it is possible from the client-side to refresh the token.

• According to the documentation, it is very straight forward to do this by setting the client object to offline access mode:

$client->setAccessType("offline");

Access tokens periodically expire and become invalid credentials for a related API request. You can refresh an access token without prompting the user for permission (including when the user is not present) if you requested offline access to the scopes associated with the token.

Not quite sure if that is all that is needed, but:

• Would it be hard to add a new setting in this plug-in to set the MinutesBeforeRevoke parameter? (at least for the Google OAuth2)

[rellampec]

mmmh... just saw that you can actually set the auth_security_timeout to a greater value... that must do it!