I noticed a case leading to an infinite loop when using oauth2 logging without a refresh_token.
It can be reproduced by using get_oauth2_permissions.js utility, removing the refresh_token from oauth2-creds.json and running read-basic.js example.
Note that this only happens when you remove the refresh_token, not if you just set it to a wrong value.
The problem is that we're setting the value 'DUMMY' as the oauth2 client's access token before requesting for an actual access token (See auth.js l.54). This means the client won't even request Google and will return the 'DUMMY' token right away. Then the requests for data will return 401 due to the wrong access token, triggering the re-authenticate workflow forever.
I can't see any reason for this 'DUMMY' value, and I think it can be removed. What do you think @cybic?
Hello,
I noticed a case leading to an infinite loop when using oauth2 logging without a refresh_token.
It can be reproduced by using
get_oauth2_permissions.jsutility, removing the refresh_token fromoauth2-creds.jsonand runningread-basic.jsexample.Note that this only happens when you remove the refresh_token, not if you just set it to a wrong value.
The problem is that we're setting the value 'DUMMY' as the oauth2 client's access token before requesting for an actual access token (See auth.js l.54). This means the client won't even request Google and will return the 'DUMMY' token right away. Then the requests for data will return 401 due to the wrong access token, triggering the re-authenticate workflow forever.
I can't see any reason for this 'DUMMY' value, and I think it can be removed. What do you think @cybic?