Skip to content

Token refreshment (feature request) #100

New issue
New issue
Closed
Closed
Token refreshment (feature request)#100
@rellampec

Description

@rellampec
rellampec
opened on Feb 9, 2021

The authentication token for Google OAuth2 expires very soon. This is an issue because a user might be in the middle of an edit, and when clicking on SAVE will be prompted with the authentication screen (leading some times to lose all the changes of the last edit).

For security reasons, there is no way from the Cloud Application to change the expiry time on the OAuth 2.0 Client IDs under Credentials. However, it is possible from the client-side to refresh the token.

  • According to the documentation, it is very straight forward to do this by setting the client object to offline access mode:
$client->setAccessType("offline");

Access tokens periodically expire and become invalid credentials for a related API request. You can refresh an access token without prompting the user for permission (including when the user is not present) if you requested offline access to the scopes associated with the token.

Not quite sure if that is all that is needed, but:

  • Would it be hard to add a new setting in this plug-in to set the MinutesBeforeRevoke parameter? (at least for the Google OAuth2)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions