OAuth 2.0 #74

Closed
neocotic opened this Issue Feb 28, 2012 · 3 comments

Member

neocotic commented Feb 28, 2012

Update OAuth implementation to 2.0 by using oauth2-extensions. The author has also created a walkthrough.

This may also be useful for #72 but an additional adapter may be required.

@ghost ghost assigned neocotic Feb 28, 2012

Member

neocotic commented Feb 28, 2012

After playing around a bit with this I'm not sure if this will be ideal in all cases. It seems using this with Google URL Shortener will then mean access tokens can expire after a minute and will need to be refreshed. I'll have a look at how the refresh flow works and see if it's viable. Otherwise, I'll only be implementing this partially to support bitly, if it works for that.

Also, it appears not to call back if the OAuth fails or the flow is broken (e.g. user cancels/closes tab), meaning the login button doesn't revert back to its enabled state. This was the same for the current implementation but was easily tweaked so I'll need to see if the same can be done for this.

Finally, there seems to be a problem with setting up bitly applications right now so I won't really be able to test this properly yet.

Member

neocotic commented Feb 29, 2012

To refresh tokens I just need to call authorize. However, since this function could also open the popup I need to check that we already have the accessToken and a refreshToken and call it just before the endpoint.

To make using this framework easier I'm probably going to fork it and make the following changes:

  • Add a bitly adapter
  • Add a new hasAccessToken function (!!getAccessToken)
  • Reduce how many values are stored in localStorage by grouping all values under their own adapter-specific object (e.g. oauth_google)
  • Broken authorization flows should still call callback but perhaps with a boolean argument to indicate whether or not it completed
  • Remove console outputs by default
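
The guard and fork changes described in the comment above, as an added example that is not part of the original thread or of oauth2-extensions. `TokenStore`, `memoryStorage`, `canRefreshSilently` and `withFreshToken` are hypothetical names, and `authorize` is assumed to refresh silently when tokens exist and to report completion through a boolean callback argument.

```javascript
// Added example. Only authorize/getAccessToken/hasAccessToken are names from the
// thread; everything else here is hypothetical.

// In-memory stand-in for window.localStorage so the sketch also runs under Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

class TokenStore {
  constructor(adapter, storage) {
    this.key = 'oauth_' + adapter; // one grouped entry per adapter, e.g. oauth_google
    this.storage = storage;
  }
  read() {
    try { return JSON.parse(this.storage.getItem(this.key)) || {}; }
    catch (e) { return {}; } // a corrupted entry is treated as "not authorized"
  }
  write(values) {
    this.storage.setItem(this.key, JSON.stringify({ ...this.read(), ...values }));
  }
  getAccessToken() { return this.read().accessToken; }
  hasAccessToken() { return !!this.getAccessToken(); }
  canRefreshSilently() {
    const v = this.read();
    return !!v.accessToken && !!v.refreshToken;
  }
}

// Call just before hitting the endpoint. Without both tokens, authorize could
// open the popup, so it is not called and the caller is told the flow did not
// complete.
function withFreshToken(store, authorize, callback) {
  if (!store.canRefreshSilently()) {
    callback(false, null);
    return;
  }
  authorize((completed) => {
    const ok = completed === true; // a broken or cancelled flow still calls back
    callback(ok, ok ? store.getAccessToken() : null);
  });
}
```

A caller can re-enable the login button whenever the first callback argument is `false`, which covers both the missing-token case and a cancelled flow.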

Member

neocotic commented Mar 2, 2012

This is pretty much done and I'm about to create a pull request with my changes.

Regardless, I'll be using my bespoke version of this framework and committing the implementation soon.

neocotic added a commit that referenced this issue Mar 2, 2012

@neocotic neocotic closed this Mar 2, 2012

@neocotic neocotic added the security label Nov 15, 2017
