udibo / oauth2_server

A standards compliant implementation of an OAuth 2.0 authorization server with PKCE support.
MIT License
21 stars 4 forks

Replace authenticate getAccessToken with getToken #9

Closed KyleJune closed 3 years ago

KyleJune commented 3 years ago

I added getAccessToken as an argument to authenticate to make it easy to have alternative methods of getting an accessToken. This makes it possible to get an access token from a session without having to modify the request to have an authentication header that includes the session's accessToken.

The problem with getAccessToken is that it doesn't really give a way to work around token expiration. If I change the function to getToken, I could have it first call server.getToken with the session's accessToken. Then if the token is invalid, I could have it make an API call to refresh the token for the session before calling getToken again with the newly refreshed accessToken.

The example will need some sort of locking around refreshing tokens so that the concurrent requests don't try to refresh already refreshed tokens. If the refresh token is invalid or expired, it will need to delete the session and return an AccessDenied error.
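As an added example (not code from udibo/oauth2_server or from the issue author), the getToken flow described above with per-session locking around the refresh: `Session`, `Deps` (`lookupToken`, `refresh`, `deleteSession`) and `AccessDenied` are assumed interfaces standing in for the server's real API.

```typescript
// Hypothetical error type and interfaces; not the project's own.
class AccessDenied extends Error {
  constructor(msg: string) { super(msg); this.name = "AccessDenied"; }
}

interface Session { id: string; accessToken: string; refreshToken: string; }
interface TokenPair { accessToken: string; refreshToken: string; }

interface Deps {
  // Resolves the token's subject if valid, undefined if invalid or expired.
  lookupToken(accessToken: string): Promise<string | undefined>;
  // Exchanges a refresh token; rejects when it is invalid or expired.
  refresh(refreshToken: string): Promise<TokenPair>;
  deleteSession(sessionId: string): Promise<void>;
}

// One in-flight refresh per session id, so concurrent requests share it
// instead of each trying to refresh an already-refreshed token.
const refreshing = new Map<string, Promise<TokenPair>>();

function refreshSession(session: Session, deps: Deps): Promise<TokenPair> {
  let pending = refreshing.get(session.id);
  if (!pending) {
    pending = deps.refresh(session.refreshToken)
      .then((pair) => { Object.assign(session, pair); return pair; })
      .catch(async (err) => {
        // Refresh token rejected: drop the session and deny access.
        await deps.deleteSession(session.id);
        throw new AccessDenied(`session ${session.id}: ${String(err)}`);
      })
      .finally(() => refreshing.delete(session.id));
    refreshing.set(session.id, pending);
  }
  return pending;
}

async function getToken(session: Session, deps: Deps): Promise<string> {
  const staleToken = session.accessToken;
  const subject = await deps.lookupToken(staleToken);
  if (subject !== undefined) return subject;
  // Skip the refresh if another request already rotated this session's tokens.
  if (session.accessToken === staleToken) await refreshSession(session, deps);
  const retried = await deps.lookupToken(session.accessToken);
  if (retried === undefined) {
    throw new AccessDenied(`session ${session.id}: token invalid after refresh`);
  }
  return retried;
}
```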

KyleJune commented 3 years ago

Closing in favor of an alternative solution: https://github.com/udibo/oauth2_server/issues/15