stevenyvr987 / overdrive-evergreen-opac

Automatically exported from code.google.com/p/overdrive-evergreen-opac

Handle expiration of Evergreen login token #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When the current log-in session is expired by the server, the web browser will 
automatically show the main screen, and presumably the log-in cookie will 
change status. We need to invalidate the Overdrive access token in order to be 
synchronized.

Original issue reported on code.google.com by steven3...@gmail.com on 10 Jun 2014 at 9:34

GoogleCodeExporter commented 9 years ago

Original comment by steven3...@gmail.com on 12 Jun 2014 at 6:51

GoogleCodeExporter commented 9 years ago
Fixed by resetting the session cache to its default values.

Some refactoring of the code is needed to make the whole mechanism a bit more 
transparent. Some careful testing is needed.

Downgrading priority.

Original comment by steven3...@gmail.com on 30 Jun 2014 at 9:05

GoogleCodeExporter commented 9 years ago
Not fixed. Whatever code was made is no longer present or not truly working. A 
scenario: log in; let session persist past the expiration times of both EG and 
OD access tokens; try to search catalog for ebooks. The code tries to get 
Library Account info, but gets a 401 instead, and the code does not retry, 
which would get a new access token.

Original comment by steven3...@gmail.com on 16 Jul 2014 at 6:37

GoogleCodeExporter commented 9 years ago
The code does do a retry after getting a 401 status from OD server, but the 
retry checks if we do not have a patron access token before trying to get a 
client access token. If we do have a patron access token, we check if we are 
logged in before triggering a log out.

Original comment by steven3...@gmail.com on 16 Jul 2014 at 7:01

GoogleCodeExporter commented 9 years ago
There are two points of synchronization.

First, if the OD token expires, and after trying to make an API request, the OD 
server replies with 401. We need to manually log out of EG. Done; see Jul 16 
comment.

Second, if the EG token expires, the screen automatically logs out and goes to 
the main screen again. We need to detect the event and manually expire the OD 
token, so that on the next API request, it will do a retry.

How to detect the event? An indicator is: we have a valid patron access token 
but we are not logged into EG.

Original comment by steven3...@gmail.com on 23 Aug 2014 at 4:35

GoogleCodeExporter commented 9 years ago
The coding tactic is to define a 'logout' event that publishes whether OD or 
EG might have logged out; the subscriber at the other end of the event signal 
has to check whether it makes sense to perform a synchronization.

For an OD logout, the subscriber is the main module, and it has to simulate a 
click of the logout link, but only if the user is logged in.

Conversely, for an EG logout, the subscriber is the api module, and it has to 
reset the session cache, but only if it contains a patron access token rather 
than a library access token.

Verifying the correct behaviour is going to take some thought.

Original comment by steven3...@gmail.com on 23 Aug 2014 at 6:50
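
A minimal model of the 'logout' event scheme described in this thread, added as an illustration and not taken from the project's code. The bus, the state fields and all function names are hypothetical, and the EG login state and OD session cache are reduced to plain in-memory values so the guard conditions can be exercised.

```javascript
// Minimal publish/subscribe bus (constructed; stands in for the event mechanism).
function createBus() {
  const subs = [];
  return {
    subscribe: (fn) => { subs.push(fn); },
    publish: (source) => { subs.forEach((fn) => fn(source)); },
  };
}

// Default (logged-out) session cache; field names are assumptions.
const DEFAULT_CACHE = Object.freeze({ token: null, kind: null });

function createSync() {
  const bus = createBus();
  const state = { egLoggedIn: false, cache: { ...DEFAULT_CACHE }, actions: [] };

  // Main module: an OD logout simulates a click on the EG logout link,
  // but only if the user is logged in.
  bus.subscribe((source) => {
    if (source !== 'od' || !state.egLoggedIn) return;
    state.egLoggedIn = false;
    state.actions.push('eg-logout-click');
  });

  // API module: an EG logout resets the session cache, but only if it holds
  // a patron access token rather than a library access token.
  bus.subscribe((source) => {
    if (source !== 'eg' || state.cache.kind !== 'patron') return;
    state.cache = { ...DEFAULT_CACHE };
    state.actions.push('cache-reset');
  });

  // Indicator from the thread: a patron access token is cached but the
  // user is not logged into EG. Intended to run on each page load.
  function detectEgLogout() {
    const stale = state.cache.kind === 'patron' && !state.egLoggedIn;
    if (stale) bus.publish('eg');
    return stale;
  }

  // Constructed helper: set up a logged-in patron session.
  function login(token) {
    state.egLoggedIn = true;
    state.cache = { token, kind: 'patron' };
  }

  return { bus, state, detectEgLogout, login };
}
```

Because each subscriber checks its own precondition before acting, publishing the same logout twice has no further effect, which is what keeps the two sessions from repeatedly logging each other out.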