Closed pamfilos closed 3 years ago
Ping @egabancho
Is there any ETA on trying to merge the fix from CERN Analysis Preservation into invenio-oauthclient
? ATM I just have it patched from a mere replace, but encountered some issues, it would be good to have it all upstream for discussion/compatibilities.
ping @lnielsen @zzacharo similar issue happens for new cern oauth. Makes Personal access tokens
unusable as they are mean't to be long lived.
Details: Once I create a new token it only works for 5 minutes: it returns 500 after that. To work again I need to logout and login in the UI to be able to user that token for 5 more minutes.
Stack:
After discussion, it is not ideal to re-fetch CERN resource on each login via access_token. It is responsibility of the final app to decide how often synchronize the local Invenio user account with the CERN remote one, and not on each HTTP request. Closed in favor of: https://github.com/inveniosoftware/invenio-oauthclient/issues/222
When you try to do a call through the API and using the
access_token
an error is thrown, since it tries to get resources that are not there. This is due to token expiration from CERN oAuth (works when you login through the browser, and try theaccess_token
first minutes before expiration).We need to create a "refresh_token" mechanism for this to get fixed or find another workaround like storing "Groups" in the
extra_data
field (not ideal since User might be removed from a group and it won't get synced with our instance)Related with #68