New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recommended method of refreshing tokens #37
Comments
I'm not sure if I understand your problem correctly. As you suggested I would go with overriding the |
Thanks for the response. However, the custom manger used for the AuthToken model only returns the token string as seen here. |
Ah, should have read more carefully. I can't see a reason why Otherwise I would suggest just looking up the AuthToken record by the token string, the performance impact should be minimal. |
I messed around with the codebase a little, and it appears that a change like that is not so simple. For starters, the If you have any more ideas on how to get the same token value generated earlier in the function from an Thanks for your time. Edit: On second thought, this could be accomplished by returning a tuple of the form |
What if create returned an authtoken object with a token property? The token property would be ephemeral, but could be accessed for the api. This would bring the create method return value back to a more standard form while still allowing access to the undigested token. |
close due to inactivity |
We are currently using
in combination with a setting:
We believe it works to some extent. It seems to break sqlite though :( That's particularly annoying for testing. |
Hey @muelli also in regards to your comment at #3 (comment). Yes, that is missing and I would love see your implementation in a fully working state. |
Not really. But I think I believe to know what the problem is.
|
Hmm maybe we can think of some buffer mechanism to avoid writing to the db always but rather when the last request was x seconds in the past. But I would not want to introduce any 3rd party dependency for that. Well but first of all we would need a unit test to replicate the problem, I haven't experienced such problem with sqlite before. |
simply issue multiple requests at once which cause writes to the DB. And yeah, if Knox itself had a mechanism of updating the token's expiry, it could include a precision test as exampled in my snippet. |
To me, it makes more sense to put the logic of the expiration extension in the
|
will be released in 3.2.0, see #105 for some more unit tests. Feedback welcome! |
I would like to implement a method of refreshing tokens from a single page app. The refresh itself seems pretty simple, but I was wondering what the best way of accessing a token's expiration time is. I was thinking about overriding the login view to return the expiration time as well, but the manager method to create new tokens only returns the token's key. Any input would be much appreciated.
The text was updated successfully, but these errors were encountered: