Closed DanielePalombo closed 2 years ago
We don't have any specification on how we can refresh an expired access_token.
This is draft documentation around the refresh token.
https://docs.google.com/document/d/1Hsk-ij1c_kO2ctonyfUPgLXMFDlvi3MK77DRbhEXUjI/edit#
My proposal is to have something like this:
```ruby
SolidusBolt::Users::SyncAddressesService.call(
  user: spree_current_user,
  access_token: SolidusBolt::Users.access_token(session)
)
```
So that `SolidusBolt::Users.access_token`, receiving the user's session, returns the access_token back, refreshing it when the access_token in the session is expired.
This means we also have to change how the session is composed, adding `refresh_token` and `expiration_time` to the session when the access token is retrieved.
Since the refresh token call is essentially the same API call to get the access token, just with a different payload, would it be possible to modify https://github.com/nebulab/omniauth-bolt/blob/main/lib/omniauth/strategies/bolt.rb#L41 so that it can do either of the calls based on parameters provided?
Refresh an expired access_token
Following the documentation provided by Bolt, we should provide a service to refresh the Bolt access token. This requires some refactoring where the access_token is used, because it cannot be retrieved directly from the session; instead, we should provide a service that refreshes it if necessary.
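An added sketch of the session-aware accessor proposed in this thread; it is not solidus_bolt or omniauth-bolt code. The session key names, the `refresher` callable standing in for the Bolt token request, the response field names and the 30-second expiry skew are all assumptions made for the example.

```ruby
# Added sketch, not solidus_bolt code. Session keys, EXPIRY_SKEW, the response
# fields and the `refresher` callable are assumptions made for this example.
module BoltTokenSketch
  EXPIRY_SKEW = 30 # seconds; refresh slightly early to absorb clock drift and latency

  class RefreshFailed < StandardError; end

  # Returns a usable access token for the given session hash, refreshing it
  # through `refresher` when the stored one is missing or about to expire.
  # `refresher` takes the refresh token and returns a hash with
  # "access_token", "expires_in" and optionally a rotated "refresh_token".
  def self.access_token(session, refresher:, now: Time.now)
    token   = session["access_token"]
    expires = session["expiration_time"]
    return token if token && expires && now.to_i < expires.to_i - EXPIRY_SKEW

    refresh_token = session["refresh_token"]
    raise RefreshFailed, "no refresh token in session" if refresh_token.nil?

    begin
      response = refresher.call(refresh_token)
    rescue StandardError => e
      clear(session)
      # Report the error class only; never put token values in messages or logs.
      raise RefreshFailed, "refresh call failed (#{e.class})"
    end

    unless response.is_a?(Hash) && response["access_token"] && response["expires_in"]
      clear(session)
      raise RefreshFailed, "malformed refresh response"
    end

    session["access_token"]    = response["access_token"]
    session["expiration_time"] = now.to_i + response["expires_in"].to_i
    # Keep the old refresh token only if the provider did not rotate it.
    session["refresh_token"]   = response["refresh_token"] || refresh_token
    session["access_token"]
  end

  # Drop all token material so a failed refresh forces a fresh login.
  def self.clear(session)
    %w[access_token refresh_token expiration_time].each { |k| session.delete(k) }
  end
end
```

Callers such as the `SyncAddressesService` call above would rescue `RefreshFailed` and send the user back through the login flow instead of retrying with a stale token.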