PHP Classes

refresh_token

Subject: refresh_token
Summary: refresh_token is losing its value
Messages: 9
Author: John Rambelle
Date: 2013-06-14 12:12:55
Update: 2013-07-02 03:49:33
 

1. refresh_token
John Rambelle - 2013-06-14 12:12:55
Was testing out and found that at some point when I call mysqli_offline_access_to_google.php, the refresh token is cleared in the db.

It looks like this happens the day after the token was set, but before the actual expiry.

The result is that it cannot refresh the token when it expires. After that, I cannot use either mysqli_offline_access_to_google.php or mysqli_login_with_google.php until I delete the record for that user in the db.

Is this a bug?

Thanks!

2. Re: refresh_token
Manuel Lemos - 2013-06-14 13:21:34 - In reply to message 1 from John Rambelle
Are you using the latest version? There was a bug in the previous version that caused the problem that you describe.

3. Re: refresh_token
John Rambelle - 2013-06-17 11:48:51 - In reply to message 2 from Manuel Lemos
Ok. Made sure I had the latest versions and so far haven't seen it again.
Thanks Manuel!

4. Re: refresh_token
John Rambelle - 2013-06-18 03:35:29 - In reply to message 3 from John Rambelle
Actually, I am still seeing it, but not sure what use case is causing it. Will try to test some more and let you know.

5. Re: refresh_token
John Rambelle - 2013-06-18 17:33:49 - In reply to message 4 from John Rambelle
Set debug to true and got the below when trying to refresh - refresh_token is blank on the UPDATE:
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token: ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token expiry: 2013-06-18 12:29:10 UTC
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token type: Bearer
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Checking OAuth session from cookie b7c996a3b24241b3f7e0ccfa3b811688
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Query: UPDATE oauth_session SET session=?, state=?, access_token=?, access_token_secret=?, expiry=?, authorized=?, type=?, server=?, creation=?, refresh_token=?, user=? WHERE id=?
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: b7c996a3b24241b3f7e0ccfa3b811688
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: bd582c439088c374501ddeb7dad36d7b
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value:
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: 2013-06-18 12:29:10
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Y
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Bearer
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Google
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: 2013-06-18 03:41:59
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value:
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: i value: 1
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: i value: 13
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Accessing the API call at https://www.googleapis.com/oauth2/v1/userinfo?access_token=ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w
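
A way to read a debug log like the one in message 5 mechanically, as an added example that is not part of the thread or of the library: it pairs each `?` placeholder of the logged UPDATE with the parameter lines that follow and reports the columns bound to an empty string. The function name and the sample log (placeholder values only) are constructed for illustration.

```php
<?php
// Added example, not part of the OAuth library. Reads debug-log lines in the
// format shown above and maps each "?" placeholder to the value bound to it.

/** Returns [column => bound value] for the last UPDATE found in $lines. */
function bindLoggedParameters(array $lines): array
{
    $columns = $values = [];
    foreach ($lines as $line) {
        if (preg_match('/OAuth client: Query: UPDATE \w+ SET (.+) WHERE (.+)$/', $line, $m)) {
            // Placeholders are bound in SET order first, then WHERE order.
            preg_match_all('/(\w+)=\?/', $m[1], $set);
            preg_match_all('/(\w+)=\?/', $m[2], $where);
            $columns = $set[1];
            foreach ($where[1] as $name) {
                $columns[] = "WHERE $name";
            }
            $values = [];
        } elseif ($columns && preg_match('/OAuth client: Query parameter type: \w value:(.*)$/', $line, $m)) {
            $values[] = trim($m[1]);
        }
    }
    if (count($columns) !== count($values)) {
        throw new RuntimeException('placeholder and parameter counts differ');
    }
    return array_combine($columns, $values);
}

// Constructed sample with placeholder values, shaped like the log above.
$prefix = '[18-Jun-2013 05:29:11 America/Denver] OAuth client: ';
$bound = ['SESSION', 'STATE', 'ACCESS_TOKEN', '', '2013-06-18 12:29:10', 'Y',
          'Bearer', 'Google', '2013-06-18 03:41:59', '', '1', '13'];
$log = [$prefix . 'Query: UPDATE oauth_session SET session=?, state=?, '
    . 'access_token=?, access_token_secret=?, expiry=?, authorized=?, type=?, '
    . 'server=?, creation=?, refresh_token=?, user=? WHERE id=?'];
foreach ($bound as $v) {
    $type = ctype_digit($v) ? 'i' : 's';
    $log[] = rtrim($prefix . "Query parameter type: $type value: $v");
}

// access_token_secret is an OAuth 1.0 field, so only refresh_token matters here.
foreach (bindLoggedParameters($log) as $column => $value) {
    if ($value === '' && $column !== 'access_token_secret') {
        echo "bound to an empty string: $column\n";
    }
}
```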


6. Re: refresh_token
Manuel Lemos - 2013-06-22 12:27:26 - In reply to message 5 from John Rambelle
Yes, there was a misinterpretation of the standard that said a new refresh token could be provided. Since Google does not provide a new refresh token, it was being cleared by mistake.

The problem is fixed and a new version was uploaded. Just let me know if you still have problems.
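
The refresh-token handling discussed in message 6, sketched as an added example that is not the library's own code: RFC 6749 section 6 lets the server optionally return a new refresh token, so the stored one is replaced only when the response carries one. The function names and token values are hypothetical; the array keys follow the `oauth_session` columns and the standard token-response fields.

```php
<?php
// Added example, not the library's code. $stored uses column names from the
// oauth_session table in this thread; $response is a decoded token reply.

/** Merges a refresh-grant response into the stored session row. */
function mergeRefreshResponse(array $stored, array $response, int $now): array
{
    $access = $response['access_token'] ?? '';
    if (!is_string($access) || $access === '') {
        throw new UnexpectedValueException('token response has no access_token');
    }
    $merged = $stored;
    $merged['access_token'] = $access;
    $merged['type'] = $response['token_type'] ?? $stored['type'];
    // expires_in is optional; assumption here: with no lifetime, store no expiry.
    $merged['expiry'] = isset($response['expires_in'])
        ? gmdate('Y-m-d H:i:s', $now + (int) $response['expires_in'])
        : '';
    // RFC 6749 section 6: the server MAY issue a new refresh token. Replace
    // the stored one only when it does; an absent field means "keep it".
    if (($response['refresh_token'] ?? '') !== '') {
        $merged['refresh_token'] = $response['refresh_token'];
    }
    return $merged;
}

/** Guard for the UPDATE: never overwrite a stored refresh token with ''. */
function assertRefreshTokenKept(array $before, array $after): void
{
    if ($before['refresh_token'] !== '' && $after['refresh_token'] === '') {
        throw new LogicException('refusing to blank a stored refresh_token');
    }
}

// Constructed values for illustration.
$stored = ['access_token' => 'OLD_ACCESS', 'type' => 'Bearer',
           'expiry' => '2013-06-18 12:29:10', 'refresh_token' => 'STORED_REFRESH'];
$now = strtotime('2013-06-18 12:30:00 UTC');
$replies = [
    '{"access_token":"NEW_ACCESS","token_type":"Bearer","expires_in":3600}',
    '{"access_token":"NEW_ACCESS","token_type":"Bearer","expires_in":3600,'
        . '"refresh_token":"ROTATED_REFRESH"}',
];
foreach ($replies as $json) {
    $merged = mergeRefreshResponse($stored, json_decode($json, true), $now);
    assertRefreshTokenKept($stored, $merged);
    echo $merged['expiry'], ' refresh_token=', $merged['refresh_token'], "\n";
}
```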

7. Re: refresh_token
John Rambelle - 2013-06-25 11:50:14 - In reply to message 5 from John Rambelle
There is still a bug here. It is masked if a user has multiple sessions in the db (from different PCs for instance) since the GetUserSession SQL uses only user and server in the where clause:
SELECT id, session, state, access_token, access_token_secret, expiry, authorized, type, server, creation, refresh_token FROM oauth_session WHERE user=? AND server=?
It can pick up the refresh token from a session that was created on a different PC and will refresh the access_token. If I delete that record in the db, then I still experience the issue where the refresh_token is lost. If I save the refresh_token manually and restore it after it is lost, it will happily refresh the access_token.

Am I missing something?

8. Re: refresh_token
John Rambelle - 2013-06-25 15:23:02 - In reply to message 7 from John Rambelle
Apologies, had posted that last post before seeing your reply. I will test the fix you put in - THANKS!

Though there still is a potential issue with GetUserSession if a user has multiple sessions. The SQL doesn't know which one to pick up?

9. Re: refresh_token
Manuel Lemos - 2013-07-02 03:49:33 - In reply to message 8 from John Rambelle
The problem is that you are putting the user through the OAuth authorization process before checking if there is already an authorization for that user in the database.

If you already know the identity of your user in your system, you should not even restart the OAuth process.

Anyway, having multiple authorization tokens for the same user in the database is not a problem as both should work and it does not matter which one is used when sending API calls.