Extended oauth token is never written to signed_request cookie #84

Closed
vwallen opened this issue Feb 1, 2013 · 2 comments

vwallen commented Feb 1, 2013

In FacebookMiddleware, the signed_request cookie is written from the original signed_request rather than the extended token stored in the User model. This means that even if an extended token has been saved, authorization fails once the short term token expires.

In our project we've updated the process_response method to regenerate the signed request and store that in the cookie:

```python
# Inside FacebookMiddleware.process_response
if 'signed_request' in request.REQUEST:

    if request.facebook and request.facebook.user and request.facebook.user.oauth_token:
        # Rebuild the signed request so it carries the extended token stored on the user
        signed_request = SignedRequest(
            signed_request=request.REQUEST.get('signed_request'),
            application_secret_key=FACEBOOK_APPLICATION_SECRET_KEY
        )
        signed_request.user.oauth_token = signed_request.User.OAuthToken(
            token=request.facebook.user.oauth_token.token,
            issued_at=request.facebook.user.oauth_token.issued_at,
            expires_at=request.facebook.user.oauth_token.expires_at
        )

        response.set_cookie('signed_request', signed_request.generate())

    else:
        # No stored token: write the original signed request unchanged
        response.set_cookie('signed_request', request.REQUEST['signed_request'])
```

jgorset (Owner) commented Feb 11, 2013

Thanks, @vwallen. I'll implement this as time permits (that might not be for a while, though, so please feel free to submit a pull request).

Morpho commented Sep 24, 2013

This Pull does not fix this issue, as you don't change anything within signed_request.user.oauth_token.

This code snippet got lost somehow:

```python
signed_request.user.oauth_token = signed_request.User.OAuthToken(
    token=request.facebook.user.oauth_token.token,
    issued_at=request.facebook.user.oauth_token.issued_at,
    expires_at=request.facebook.user.oauth_token.expires_at
)
```
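
Added illustration (not part of the issue thread and not Fandjango's code): a stand-alone example of the signed_request wire format, showing that a cookie written from the original keeps the short-lived expiry, while one regenerated with the stored extended token carries the new token and expiry under a fresh signature. The payload field names follow Facebook's signed_request format; the function names, secret, tokens and timestamps are constructed for this example.

```python
import base64
import hashlib
import hmac
import json

APP_SECRET = b"constructed-app-secret"  # constructed sample, not a real key


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate(payload, secret=APP_SECRET):
    """Sign a payload as '<base64url signature>.<base64url JSON>'."""
    body = b64url_encode(json.dumps(dict(payload, algorithm="HMAC-SHA256")).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return b64url_encode(sig) + "." + body


def parse(signed_request, secret=APP_SECRET):
    """Verify the HMAC before trusting any field, then return the payload."""
    sig_part, _, body = signed_request.partition(".")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_part), expected):
        raise ValueError("signed_request signature mismatch")
    return json.loads(b64url_decode(body))


def cookie_value(original, extended=None, secret=APP_SECRET):
    """Cookie value: the original, or a copy re-signed with the extended token."""
    if not extended:
        return original  # behaviour reported in the issue: short-lived expiry survives
    payload = parse(original, secret)
    payload.update(oauth_token=extended["token"], issued_at=extended["issued_at"],
                   expires=extended["expires_at"])
    return generate(payload, secret)


if __name__ == "__main__":
    t0 = 1359676800  # constructed timestamps and tokens
    short = generate({"user_id": "1", "oauth_token": "short", "issued_at": t0, "expires": t0 + 7200})
    ext = {"token": "long", "issued_at": t0, "expires_at": t0 + 60 * 86400}
    print(parse(cookie_value(short))["expires"], parse(cookie_value(short, ext))["expires"])
```

Because the payload is covered by the HMAC, the token and expiry cannot be edited in place; the cookie has to be re-signed with the application secret.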
