OAuth Refresh Token (Auto-Refresh)

kevinohara80 / nforce

nforce is a node.js salesforce REST API wrapper for force.com, database.com, and salesforce.com

MIT License

474 stars 167 forks source link

OAuth Refresh Token (Auto-Refresh) #24

Closed shurex closed 10 years ago

shurex commented 11 years ago

How do we handle access token refreshing when expired?

kevinohara80 commented 11 years ago

There is a refreshtoken method you will need to use. Right now, nforce doesn't do any auto-refresh. That's on purpose so users can implement it how they want.

refreshToken() -> https://github.com/kevinohara80/nforce/blob/master/index.js#L178

jesperfj commented 11 years ago

I think it would be super nice if the library supported autorefresh with an option to turn off and handle manually. It is a perennial stumbling block for API newbies

kevinohara80 commented 11 years ago

Yeah, I've thought about it. I'd be willing to take a PR but it might take some time for me to get to this if I'm going to write it. It's a tad tricky because it involves trying the request, then caching the original request while refreshing, then returning the original request. That juggling gets complicated when dealing with the stream interfaces.

I'll re-open as a feature request to see if anyone wants to contribute.

jesperfj commented 11 years ago

Yes, it's tricky. Here's a similar implementation in Java that I wrote a while ago.

kevinohara80 commented 10 years ago

Thoughts:

Implement this at the _apiRequest level so that each method doesn't need to implement it. This also helps with the new plugin system (less for users to implement)
Would need to cache the original request, try it, fail due to expiration, request refresh, then re-try the original request
This should be a connection configuration option, defaulted to false.

Here is the api for revoking oauth tokens. This will be needed for testing. This should also be a function in nforce.

http://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_revoke_token.htm&language=en_US

jesperfj commented 10 years ago

:+1: on picking this up!

Not familiar enough with nforce internals to comment on implementation, but sounds about right.

annoyingmouse commented 10 years ago

+1 from me as well

troygoode commented 10 years ago

Hi @kevinohara80, I love this feature. Could we have nforce emit an event when this occurs though, so we can store the updated token for future use?

troygoode commented 10 years ago

(Alternatively, if you were to call self.refreshToken instead of Connection.prototype.refreshToken we could patch that functionality in ourselves.)

kevinohara80 commented 10 years ago

@troygoode see the attached commit. I didn't do the event emitter because it's only a single event. Instead, you can provide a function that's called at the end of the refresh. See the readme for an example. This is released in v0.8.0-beta.2

https://github.com/kevinohara80/nforce#access-token-auto-refreshes

troygoode commented 10 years ago

Excellent. That looks great @kevinohara80.

kevinohara80 commented 10 years ago

Closing as this was implemented in 0.8.0