Add checkBearerToken() to OAuth #80
Conversation
Keep method names consistent with the Auth module.
Calculate an expires_at timestamp and store it with the new token.
Add a public method to check if the client has a current, valid token. Also add an internal method to check if the stored token has expired.
@shaunanoordin this might help towards your problem with long transcription sessions on Anti-Slavery Manuscripts.
@@ -155,6 +165,15 @@ module.exports = new Model({ | |||
].join(''); | |||
}, | |||
|
|||
_bearerTokenIsExpired: function() { |
Do we need a new method to check if token is expired? One already existed.
We need a method that works. I'd prefer if the OAuth class has the same API as Auth, so that common code can be consolidated as per the recommendations in #76.
Makes sense, sorry I forgot you already commented on that.
It never worked, and nothing seems to use it.
I'm going to test with SW as part of the review.
I haven't waited to see the refresh failure, but this seems to work well. The way I was thinking of handling the failure in SW is to logout the user.
LGTM
I realised the above discussion belongs on the SW PR.
The check hook and renew flow LGTM
_bearerTokenIsExpired: function() { | ||
var tokenDetails = JSON.parse(SESSION_STORAGE.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')); | ||
if (tokenDetails) { | ||
return Date.now() >= tokenDetails.expires_at - TOKEN_EXPIRATION_ALLOWANCE; |
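Review bot: `tokenDetails.expires_at` is used without a fallback, so a token record written by an earlier client version (before `expires_at` was stored alongside the token) makes the comparison `Date.now() >= undefined - TOKEN_EXPIRATION_ALLOWANCE`, i.e. `>= NaN`, which is always false, and that stale token is reported as not expired and never refreshed. Suggest treating a missing or non-numeric `expires_at` as expired, e.g. `if (!tokenDetails || typeof tokenDetails.expires_at !== 'number') { return true; }` ahead of the comparison, so the only way to be "not expired" is a record this version wrote.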
is 60s long enough to get a new token via an iFrame on slow network / a slow busy server?
I don't know. What's a reasonable time to allow for Panoptes to respond?
The load balancer kills connections that have not started responding after 60s so in theory it could be up to that long for a refresh promise to fulfill on a slow server.
I prefer to be overly cautious on this as I'm pretty sure slow / late token refreshes have caused some auth issues with ASM. E.g. say if the refresh via iFrame setTimeout is 10s late to fire and the token refresh takes 55s then there is a 5s period where the token will be expired and invalid.
Perhaps add 30s to it to be 180 secs or maybe 2 mins?
I've bumped it to 5 minutes. I've also been thinking that the solution to the unreliable timeout in #81 is to set the timer interval to the same allowance.
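The expiry check and refresh flow discussed in this thread, as an added example in plain Node that is not the client library's own code: the storage object, clock value and refresh function are injected stand-ins I've assumed, the 5-minute allowance is the value settled on above, and it additionally treats a record without a numeric expires_at (a token saved before this change) as expired rather than trusting it.

```javascript
// Added example, not panoptes client code. Assumed names: a fake storage
// object, an injected "now" clock value, and a caller-supplied refresh function.
const TOKEN_EXPIRATION_ALLOWANCE = 5 * 60 * 1000; // 5 minutes, as settled above
const LOCAL_STORAGE_PREFIX = 'example.';          // assumed prefix

// Minimal in-memory stand-in for sessionStorage so the example runs under Node.
function makeStorage() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
  };
}

// Store a freshly issued token with an absolute expires_at timestamp
// (expires_in in the OAuth response is relative seconds).
function storeToken(storage, token, now) {
  const details = {
    access_token: token.access_token,
    expires_at: now + token.expires_in * 1000,
  };
  storage.setItem(LOCAL_STORAGE_PREFIX + 'tokenDetails', JSON.stringify(details));
  return details;
}

// True when the token must be treated as expired. A record that is missing,
// unparseable, or has no numeric expires_at counts as expired, so an old
// record saved without expires_at gets refreshed instead of trusted.
function bearerTokenIsExpired(storage, now) {
  let details;
  try {
    details = JSON.parse(storage.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails'));
  } catch (e) {
    return true;
  }
  if (!details || typeof details.expires_at !== 'number') return true;
  return now >= details.expires_at - TOKEN_EXPIRATION_ALLOWANCE;
}

// Hand back the stored token while it is still inside the allowance window,
// otherwise call refresh() (assumed to resolve to a new token object) and store it.
async function checkBearerToken(storage, now, refresh) {
  if (!bearerTokenIsExpired(storage, now)) {
    return JSON.parse(storage.getItem(LOCAL_STORAGE_PREFIX + 'tokenDetails')).access_token;
  }
  const fresh = await refresh();
  return storeToken(storage, fresh, now).access_token;
}
```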
Published as 2.9.2
Towards #76
Stores an expires_at timestamp with new tokens. Adds a checkBearerToken method that can be used by client apps to check the token, and refresh it if possible. Tries, as far as possible, to copy the equivalent methods in the Auth module.