search

pelle / oauth-plugin

Rails plugin for OAuth
http://stakeventures.com/articles/2009/07/21/consuming-oauth-intelligently-in-rails
MIT License
715 stars 215 forks source link

persist refresh_token with OAuth2 models #132

Closed greggroth closed 3 years ago

greggroth commented 11 years ago

Since this only checks for the token, the refresh_token is lost. This pull request will persist the refresh_token if it's present.

THIS DOES NOT RESOLVE THE FULL PROBLEM.... OAuth2 supports refreshing a token, but oauth-plugin appears to not support this ability. Without being able to refresh the access_token, authentication through OAuth2 is pretty useless. What do you think is the best way to implement this?

greggroth commented 11 years ago

I'm guessing this will require more changes elsewhere since it requires a refresh_token column in the database. Let me know your thoughts about this PR and if there's a better way to achieve the same end. If needed, I can add documentation/code to make sure there aren't problems with adding refresh_token.

pelle commented 11 years ago

If you can add a migration to add the column it should work out of the box. Leave the code to sense if the column is there so it doesn't existing installations without it present.

greggroth commented 11 years ago

I've added the refresh_token to the migration. OAuth2 has an instance method for requesting a new access_token using the refresh_token, but once you exchange the OAuth2 AcessToken for an oauth-plugin ConsumerToken, we loose that method. I'd like to see something in oauth-plugin that handles requesting a new access_token. Do you have input on where/how this should be done?

greggroth commented 11 years ago

Any word on this?

MattRogish commented 11 years ago

+1

greggroth commented 3 years ago

I think after 9 years of inactivity I'll close this 🤣