Open GoogleCodeExporter opened 9 years ago
For reference, I believe this is the section you're referencing:
http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2.2
Unfortunately the spec is not clear about what should be done when the
expiration isn't specified. Lacking a clear answer, I implemented it as being a
one-time token. I don't know of any server implementations that issue tokens
without any expiration (I'm really only familiar with the ones in the demo),
but if there are any, I'm happy to consider changing my assumption to allow
expiration-free tokens.
Original comment by jasonhall@google.com
on 27 Oct 2011 at 3:12
[deleted comment]
may i know which file need to modify in order to make change the default
expirary time? what is the maximum can set?
Original comment by travalle...@gmail.com
on 27 Dec 2011 at 1:34
Is it correct just by changing expires_in=XXX in below file AuthRequest ? what
is the maximum can set?
String toUrl(Auth.UrlCodex urlCodex) {
return new StringBuilder(authUrl)
.append(authUrl.contains("?") ? "&" : "?")
.append("client_id").append("=").append(urlCodex.encode(clientId))
.append("&").append("response_type").append("=").append("token")
.append("&").append("scope").append("=").append(scopesToString(urlCodex))
.toString();
}
Original comment by travalle...@gmail.com
on 27 Dec 2011 at 1:48
In order to interpret the absence of an expiration such that a token does not
immediately invalidate, you would have to edit line 88 of Auth.java:
http://code.google.com/p/gwt-oauth2/source/browse/trunk/src/com/google/api/gwt/o
auth2/client/Auth.java#88
if (info == null || info.expires == null || expiringSoon(info)) { <-------- THIS LINE
// Token wasn't found, or doesn't have an expiration, or is expired or
// expiring soon. Requesting access will refresh the token.
doLogin(authUrl, callback);
} else {
// Token was found and is good, immediately execute the callback with the
// access token.
...
}
You would want to remove the info.expires == null check, since that means that
lack of an expiration will immediately re-trigger login.
I will probably make this change myself, since, for example, the Foursquare API
issues tokens that do not expire.
Original comment by jasonhall@google.com
on 28 Dec 2011 at 6:42
Original issue reported on code.google.com by
wolter.e...@gmail.com
on 27 Oct 2011 at 1:14