Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature suggestion: auto refreshing access tokens #79

Closed
tsubery opened this issue Dec 3, 2016 · 5 comments
Closed

feature suggestion: auto refreshing access tokens #79

tsubery opened this issue Dec 3, 2016 · 5 comments

Comments

@tsubery
Copy link
Contributor

tsubery commented Dec 3, 2016

Hello,

I noticed there is implementation of refresh token and access token. For any long running access the users of the library would have to manually refresh tokens for providers that require it like Google. I think it makes sense to add some logic to automatically refresh expired tokens when making requests. For backward compatibility, we can off by default.
Let me know if you are interested in pull request.
@scrogson
Copy link
Member

scrogson commented Dec 4, 2016

Hi @tsubery,

I'm hesitant to put this directly into this library. This library is meant to provide low-level OAuth2 building blocks.

Can you give me an example of how you are using this library so I can better understand what it is that you expect to accomplish?

Specifically, how are you storing tokens for later use?

@tsubery
Copy link
Contributor Author

tsubery commented Dec 5, 2016
edited
Loading

My use case is a long running background job that access google's api and collects information periodically. That means I need to store a token that eventually expires and need to be refreshed.

When I wrote the issue I forgot about the immutability of data in Elixir. I was thinking it would be clean and easy to make any request fetch for a new access token using the refresh token when necessary. This would work but the original client would not have the new access token and that might lead to many unnecessary round trips. I understand that this library does not implement a token store.

Having said that, there is still some minimal amount of logic can be abstracted away from users like me. All I really want is a token that is good for the next few minutes to do the required work. Maybe a function like this would be useful:

Updated:

def fresh_client_for(client, time_out_seconds) do
  expired_at = client.token.expired_at
   if expired_at && :os.system_time(:milli_seconds) + timeout_seconds < expired_at do
    refresh_token(client, [],[],[])
  else
    client
  end
end

Long running processes could use

fresh_client = fresh_client_for(stored_client, @max_access_time)
OAuth2.Client.get(fresh_client,...

@scrogson
Copy link
Member

scrogson commented Dec 5, 2016

@tsubery,

Yeah, I've thought about including some sort of token store for a while. However, it seems difficult to make something generic enough to work with all use cases without further thought.

@tsubery
Copy link
Contributor Author

tsubery commented Dec 5, 2016

Yea, seems like it might be mixing too many responsibilities. What do you think about the new function I suggested?

@scrogson
Copy link
Member

scrogson commented Dec 7, 2016

@tsubery not at this time. Thank you.

@scrogson scrogson closed this as completed Dec 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@scrogson @tsubery