-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
token storage #10
Comments
@vladislavs1321 good proposal 👍 gonna to do it as soon as will have time |
@gregurco, sorry for disturbing. Any news? Quite sensitive problem for me) |
@vladislavs1321 hello. I'm thinking about this problem. I have some ideas and let me try to do a concept today/tomorrow. I will write here the result. |
@vladislavs1321 I did changes on branch https://github.com/gregurco/GuzzleBundleOAuth2Plugin/tree/persistent_storage . eight_points_guzzle:
clients:
your_client_name:
# ...
plugin:
oauth2:
# your configuration
persistent: true So, in this case access token will be persisted in session (not token storage) and used in future requests... Please write feedback after testing if you are able to test to know if it's ok and ready to merge and release. |
@gregurco , for the 1st glance looks good, but i've found some unhandled cases:
But anyway - good job, thanks a lot! |
@vladislavs1321 thanks for remarks :) yep, I didn't check this case. But lifetime is optional and yep, we can check it but better to retry to get the token once again... I will try to fix it today |
@vladislavs1321 https://github.com/Sainsburys/guzzle-oauth2-plugin/blob/master/src/Middleware/OAuthMiddleware.php#L100 - here you can see the case when we have token, it has no expiration date or expiration date is not valid (it's in future but token it not valid already) and yep, middleware will not do force update. And for me it's ok, because with such a logic you can enter in infinite loop. So, for now my suggestion is to use Also there remains possibility to delete token from session manually:
right before doing request. And it will not be restored from session and will be requested new token. Any ideas? |
@gregurco Hmm, then maybe proper way will by throw special error, coz we already change default workflow? |
@vladislavs1321 I think it's better to split it for now. I think it's better to merge current implementation and to do an release and after that step by step to handle different cases. What do you think? |
@gregurco im ok with this, let's collect feedbacks) |
@vladislavs1321 thanks :) I created and merged PR #11 . In few minutes I will do a release and I will create another issue for additional functionality. |
is it possible to have default token storage/cache to prevent each api call producing new token?
The text was updated successfully, but these errors were encountered: