Update oauth2 middleware #587

Closed
wants to merge 3 commits into
from

etehtsea commented Mar 5, 2014

No description provided.

lib/grape/middleware/auth/oauth2.rb
@@ -54,7 +54,7 @@ def verify_token(token)
token = token_class.verify(token)
if token
if token.respond_to?(:expired?) && token.expired?
- error_out(401, 'expired_token')
+ error_out(401, 'invalid_token')
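Review bot: On the changed `error_out(401, 'invalid_token')` line, the expired branch now reports the same code as every other token failure, so a client can no longer tell from the code alone that the token merely expired. If `error_out` can carry a description, pass one here that names expiry, and cite the Bearer Token Usage section 3.1 in the commit message, since the pull request has no description. Separately, the `token.respond_to?(:expired?)` guard in the context line above means a token class that does not define `expired?` skips the expiry check silently; that behaviour should be documented.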

dm1try Mar 5, 2014

Member

Could you clarify why you used invalid_token here?
In the RFC http://tools.ietf.org/html/rfc6749 the possible response is invalid_grant.

etehtsea Mar 5, 2014

Contributor

That was a typo. Fixed, thanks.

etehtsea Mar 5, 2014

Contributor

@dblock @dm1try according to http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23#section-3.1 the error should be invalid_token. Does anybody know what it should look like?

dm1try Mar 5, 2014

Member

@etehtsea, sorry, it's my fault.. 😔 The RFC you provided seems more valid for our case. I used the RFC link from the oauth2 main page and just fluently searched for differences, but it seems we should rely on this document that describes "Bearer Token Usage".
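
The Bearer Token Usage section 3.1 responses discussed in this thread, as an added Ruby example that is not part of the pull request or of Grape's code; `BEARER_ERRORS`, `sanitize_description`, `bearer_challenge` and the token state symbols are hypothetical names. It goes beyond the expired-token case to cover missing credentials and insufficient scope.

```ruby
# Added example (not Grape code): section 3.1 error codes and their HTTP status.
BEARER_ERRORS = {
  invalid_request:    400, # malformed request, e.g. token sent in two places
  invalid_token:      401, # expired, revoked, malformed or otherwise invalid
  insufficient_scope: 403  # token is valid but lacks the required scope
}.freeze

# The spec allows only %x20-21 / %x23-5B / %x5D-7E in these attribute values,
# so quotes, backslashes, control and non-ASCII characters are dropped.
def sanitize_description(text)
  text.to_s.gsub(/[^\x20-\x21\x23-\x5B\x5D-\x7E]/, '')
end

# Returns [status, headers] for the outcome of a token check.
# state (hypothetical symbols): :missing, :expired, :revoked, :malformed,
#                               :insufficient_scope, :bad_request
def bearer_challenge(state, realm:, description: nil, scope: nil)
  params = [%(realm="#{sanitize_description(realm)}")]
  # No credentials at all: challenge the client without any error attribute.
  return [401, { 'WWW-Authenticate' => "Bearer #{params.join(', ')}" }] if state == :missing

  error = case state
          when :expired, :revoked, :malformed then :invalid_token
          when :insufficient_scope then :insufficient_scope
          when :bad_request then :invalid_request
          else raise ArgumentError, "unknown token state: #{state.inspect}"
          end
  params << %(error="#{error}")
  # Expiry is reported through the description, not through a separate code.
  params << %(error_description="#{sanitize_description(description)}") if description
  params << %(scope="#{sanitize_description(scope)}") if scope && error == :insufficient_scope
  [BEARER_ERRORS.fetch(error), { 'WWW-Authenticate' => "Bearer #{params.join(', ')}" }]
end
```
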

dm1try Mar 6, 2014

Member

@dblock, any thoughts?

dblock Mar 6, 2014

Owner

tbh I don't know what the 'right' thing to do here is; the oauth2 spec is always in flux. It would be great if you guys could figure it out and PR the "right thing to do".


etehtsea added some commits Mar 5, 2014

Add access_token to oauth middleware
In latest oauth2 spec versions oauth_token was replaced with
access_token

dblock Mar 5, 2014

Owner

It would be great to have a clearer CHANGELOG, "latest" spec will become not so latest soon :) Maybe a spec version or a link or something like that?

etehtsea Mar 5, 2014

Contributor

@dblock added spec version.

dblock Mar 5, 2014

Owner

Thanks, merging.

dblock Mar 5, 2014

Owner

Merged via 01f2590.

@dblock dblock closed this Mar 5, 2014

@etehtsea etehtsea deleted the SPBTV:fix-expired-token branch Mar 5, 2014
