songkick / oauth2-provider

Simple OAuth 2.0 provider toolkit
MIT License
528 stars, 148 forks

refresh_token and expires_in not returned using username/password grant type #30

Closed xiaotian closed 12 years ago

xiaotian commented 12 years ago

Only access token is returned. I plan to add this and create a pull request, it'd be great if you can give some suggestions on how to integrate this. Thanks!

jcoglan commented 12 years ago

Can you provide code to reproduce this? How are you processing password exchanges currently?

xiaotian commented 12 years ago

Thanks for your quick response James,

Here is the provider-side code in a Rails controller class. I have briefly looked at the source of oauth2-provider; it seems the exchange code always sets the refresh_token to nil.

```ruby
class Oauth2Controller < ApplicationController
  before_filter :setup_oauth

  # Token endpoint: lets the provider parse the grant request and
  # passes its headers, body and status straight through to the client.
  def authorize
    login  = Login.with_username(params[:username]).first
    oauth2 = OAuth2::Provider.parse(login, request.env)
    response.headers.merge!(oauth2.response_headers)
    render :text => oauth2.response_body, :status => oauth2.response_status
  end

  private

  # Registers the password-grant handler: returns an authorization for the
  # client when the resource owner's credentials check out, nil otherwise.
  def setup_oauth
    OAuth2::Provider.handle_passwords do |client, username, password|
      login = Login.with_username(username).first
      is_authentic = login && login.try_authentication_test_with_threat_of_suspension { |l| l.authenticated? password }

      if is_authentic and login.active? and login.user?
        # self.current_login = login
        login.last_seen_at = Time.now
        login.save
        login.grant_access!(client)   # authorization handed back to the provider
      else
        nil                           # failed authentication: no authorization
      end
    end
  end
end
```

Xiaotian Guo


jcoglan commented 12 years ago

Quick tip: you shouldn't be doing OAuth2::Provider.handle_passwords on every request, you can move this block up to the top level. It's basically configuration, or like declaring a controller.

I'll follow up once I've investigated the problem more.

xiaotian commented 12 years ago

Thanks much James!

BTW, I am using the OAuth2 gem on the client side; it seems that by default the client sends "Bearer " but oauth2-provider expects "OAuth " in the header or ?access_token= in the query string.

Xiaotian Guo


jcoglan commented 12 years ago

It implements draft-10, which requires Authorization: OAuth $token header or oauth_token in the query string or body. I've personally never found it necessary to use a client library for OAuth 2.0, especially with the number of different drafts and no final version. Might make more sense if/when the spec is finalized.

xiaotian commented 12 years ago

James, wondering if you have had chance to look into the refresh token expires_in issue, I'd be happy to work on this and your advice/suggestion would be much appreciated.

jcoglan commented 12 years ago

This should be fixed in 46eb31e. You can now do, for example:

```ruby
resource_owner.grant_access! client, :duration => 7.days
```

It does not implement refresh tokens, but that's not implemented at all yet and I'd consider it a separate issue.
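
The two mechanics this thread touches on, a bounded token lifetime reported back as `expires_in` and the draft-10 `Authorization: OAuth` scheme versus the `Bearer` scheme newer clients send, as an added stand-alone example. This is not code from oauth2-provider or from either commenter; the `TokenExample` module, its `Store`, and the Rack-style `env` keys are assumptions made for illustration. The verifier accepts both header schemes and both query-parameter names so that a client library emitting `Bearer` still interoperates with a draft-10 server, and it refuses any token whose expiry has passed.

```ruby
require 'securerandom'
require 'time'
require 'uri'

# Added example, not the gem's code: a minimal token store plus a
# resource-server check. Names and the env keys used are hypothetical.
module TokenExample
  Token = Struct.new(:value, :client_id, :expires_at)

  class Store
    # +clock+ is injectable so expiry can be tested without sleeping.
    def initialize(clock = -> { Time.now })
      @clock  = clock
      @tokens = {}
    end

    # Issue a token valid for +duration+ seconds (nil = never expires).
    # Returns the token-endpoint body fields: access_token and, when the
    # lifetime is bounded, expires_in as a whole number of seconds.
    def grant(client_id, duration: nil)
      now        = @clock.call
      value      = SecureRandom.hex(20)
      expires_at = duration && now + duration
      @tokens[value] = Token.new(value, client_id, expires_at)
      body = { 'access_token' => value }
      body['expires_in'] = (expires_at - now).to_i if expires_at
      body
    end

    # Look up a presented token; nil if unknown or already expired.
    def lookup(value)
      t = @tokens[value]
      return nil unless t
      return nil if t.expires_at && t.expires_at <= @clock.call
      t
    end
  end

  # draft-10 used "Authorization: OAuth <token>"; RFC 6750 uses "Bearer <token>".
  # Accept both (scheme matched case-insensitively) so either client style works.
  HEADER_RE = /\A(?:OAuth|Bearer)\s+([A-Za-z0-9._~+\/-]+=*)\z/i

  # Pull the token out of a Rack-style env: Authorization header first, then
  # the oauth_token (draft-10) or access_token (RFC 6750) query parameter.
  def self.extract_token(env)
    header = env['HTTP_AUTHORIZATION'].to_s.strip
    if (m = HEADER_RE.match(header))
      return m[1]
    end
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    params['oauth_token'] || params['access_token']
  end

  # Resource-server check: the Token for a valid, unexpired credential, else nil.
  def self.authenticate(store, env)
    value = extract_token(env)
    value && store.lookup(value)
  end
end

if __FILE__ == $0
  store = TokenExample::Store.new
  body  = store.grant('demo-client', duration: 7 * 24 * 3600)
  puts "issued: #{body.inspect}"
  env   = { 'HTTP_AUTHORIZATION' => "Bearer #{body['access_token']}" }
  puts "authenticated as: #{TokenExample.authenticate(store, env).client_id}"
end
```

A refresh token would be a second, separately stored credential exchanged for a new access token at the token endpoint; as jcoglan notes above, that is a separate feature and is deliberately left out here.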

xiaotian commented 12 years ago

Thanks, I will try that out.
