Oauth 2.0: Support for section 2.3.1

Recommend this page to a friend!

PHP OAuth Library

PHP OAuth Library package blog

How to Implement PHP ...

All threads

Oauth 2.0: Support for section 2.3.1

(Un) Subscribe thread alerts

Subject:	Oauth 2.0: Support for section 2.3.1
Summary:	Does the App support Section 2.3.1 for Oauth 2.0
Messages:	23
Author:	dhairy
Date:	2014-04-18 15:11:11
Update:	2014-07-13 01:58:11

1 - 10

11 - 20

21 - 23

11. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Manuel Lemos - 2014-07-09 22:55:40 - In reply to message 10 from Tadej

I will implement it soon. It seems Twitter supports that kind of authorization flow.

12. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Tadej - 2014-07-10 00:17:36 - In reply to message 11 from Manuel Lemos

Nice to hear, I think this feature would be a great addition to this awesome library. Was just wondering, since this grant type is mostly used for machine to machine communication, would there be a way to also prepare a have an option to refresh access tokens via cron job?

13. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Manuel Lemos - 2014-07-10 06:27:46 - In reply to message 12 from Tadej

The class refreshes expired tokens on demand next time you access an API, as long as the OAuth server has returned a refresh token with the regular access token.

14. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Tadej - 2014-07-10 07:50:47 - In reply to message 13 from Manuel Lemos

I see...I thought that's he case, that's why I asked. Is then there any protection if 2 or more clients want to access the API, but token is expired; will they all request a new token simultaneously?

15. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Manuel Lemos - 2014-07-10 08:37:19 - In reply to message 14 from Tadej

It depends how you are storing the tokens. If you are storing the tokens in a database and encapsulate the database access in a transaction, you can prevent that two clients change the some token at the same time.

16. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Tadej - 2014-07-10 08:54:56 - In reply to message 15 from Manuel Lemos

Thanks for explaining, really appreciate it. Was thinking, maybe it would be nice to have an option to renew access token before it expires.

17. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Manuel Lemos - 2014-07-10 09:31:11 - In reply to message 16 from Tadej

Why do you want to renew a token that is not expired?

18. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Tadej - 2014-07-10 09:58:57 - In reply to message 17 from Manuel Lemos

I would renew a token only 1 minute before it expires, via cron job. That way all the "clients" will use the old token until new one is created (eliminating chance of multiple renew request being sent).

19. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Manuel Lemos - 2014-07-11 10:54:20 - In reply to message 18 from Tadej

I see. It seems like a hack that may also run you into problems.

I think it is safer to store the tokens in a database and encapsulate the database access in a transaction.

Anyway, the tokens are renewed automatically after they expire and before the next API call.

If you can assure all clients are not running, what you can do is to make a dumb API call just to renew the token before you restart all the clients.

20. Re: Oauth 2.0: Support for section 2.3.1

Report abuse

Tadej - 2014-07-12 23:43:44 - In reply to message 19 from Manuel Lemos

I see, you may be right.

Still, if dumb API call is made before token expires that won't work, so we would have to make sure it's made after expiration (that's why I asked for "force refresh" option).

Anyway, I'm sure I'll find a way, so thanks for your efforts and this great library.

Bye, Tadej

1 - 10

11 - 20

21 - 23

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.