search

ravipatidar54 / google-api-dotnet-client

Automatically exported from code.google.com/p/google-api-dotnet-client
Apache License 2.0
0 stars 0 forks source link

Exponential backoff for access token requests #268

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Share the refresh token with 10+ machines.
2. Perform an authenticated API request across the same machines simultaneously.

What is the expected output? What do you see instead?
Eventual success. Some kind of error (cannot tell from the code)

What version of the product are you using? On what operating system?
20121031-1.2.4687-beta

Please provide any additional information below.
http://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.A
uthentication.OAuth2/DotNetOpenAuth/AssertionFlowClient.cs#367

The problem is that if you have many machines hitting the token endpoint for 
the same refresh token, you will hit the rate limit and further requests will 
yield 403 without any computer-readable indication that you've hit a rate limit 
(there is human-readable HTML in the response that so indicates). We need to 
treat 403s as if they were a 429 (http://tools.ietf.org/html/rfc6585) and, 
without a Retry-After field, just use exponential backoff to try and get a 
refresh token. (If a Retry-After field were available, use it to establish a 
baseline for adding extra delay.)

This will not fix the underlying problem, but it will amelioriate it, and 
slowly machines will be able to start work.

FTR, none of the examples actually check the value of 
client.RefreshToken(state) to see whether auth even succeeded.

Original issue reported on code.google.com by nherr...@google.com on 1 Nov 2012 at 11:00

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 6 May 2013 at 6:04

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 16 Aug 2013 at 2:07

GoogleCodeExporter commented 9 years ago 
DONE!
The new OAuth 2 library uses the same HttpConfigurableMessageHnalder that 
service requests use

Original comment by pele...@google.com on 3 Oct 2013 at 6:27

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 3 Oct 2013 at 7:28