Opened 8 years ago

Closed 7 years ago

#548 closed enhancement (fixed)

Add support for token refresh to the OAuth plugin

Reported by: nyergler Owned by:
Priority: major Milestone: 0.4.0
Component: programming Keywords: oauth review
Cc: joar, nyergler Parent Tickets:

Description

The OAuth plugin currently does not support token refresh, as described in the OAuth specification. This is needed to allow Android clients (among others) to refresh their tokens as they expire. It appears there was some planning for this, as a refresh_token field exists in the OAuthToken model, but it is currently unpopulated.

This work may overlap with work on #517.

Subtickets

Change History (6)

comment:1 Changed 8 years ago by joar

Keywords: needsreview added

I've pushed a fix for this in the oauth/refresh_tokens branch at git@github.com:joar/mediagoblin.git

Edited to remove really long diff.

Last edited 7 years ago by joar (previous) (diff)

comment:2 Changed 8 years ago by joar

Keywords: review added; needsreview removed

comment:3 Changed 8 years ago by joar

Milestone: 0.4.0

comment:4 Changed 7 years ago by Christopher Allan Webber

Cc: nyergler added

Yeowch, that's a huge diff and is kind of making this bug report long! I wonder if we should be careful about that...

anyway, adding nyergler as CC'ed. I don't think I'm well qualified to review this. Maybe Nathan is?

If it comes close to 0.4.0 and nobody else has time to review I can do a rough review and we can just merge it but I'm not really well qualified at all.

comment:5 Changed 7 years ago by nyergler

I read https://github.com/joar/mediagoblin/compare/master...oauth;refresh_tokens carefully and believe this is merge-able. I haven't tried executing it, but have don't see anything glaring. The relational model for our OAuth plugin is a little weird (foreign keys to both client and user, when I believe a client is specific to a user already), but this patch is consistent with the existing code.

I say merge it!

comment:6 Changed 7 years ago by nyergler

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.