Closed (fixed)
Project:
OAuth2 Client
Version:
7.x-1.4
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
15 May 2016 at 21:55 UTC
Updated:
25 Apr 2017 at 04:00 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
dashohoxha commentedI don't think that anybody (besides me) gets notified when you create an issue. So, it is unlikely that you will get any answer about this. Try to ask to some other sites with more exposure, for example StackExchange.
Comment #3
jaypanI upadated this module to D8 to be able to use it with Instagram, and while testing, I discovered that Instagram does not return the 'expires_in' key. The expiration date for the token is set to the current time plus expires_in, and since expires_in is zero, the key is always expired. I set a default to expire in an hour in this case in D8, though I don't have enough experience with OAuth2 to know if this was necessarily a good solution. But maybe this fix should be applied to D7 as well, or some other method needs to be devised to handle the lack of this key in the response.
Comment #4
dashohoxha commentedMaybe Instagram uses some other key instead of 'expires_in' (for example 'validity-time')?
Anyway, I think that this is a deviation from the OAuth2 protocol, and the best way to handle it is by extending the client class, like this:
Comment #5
dashohoxha commented@Jaypan: By the way, I noticed that your code uses tabs (instead of spaces), and this breaks the identation for me. Would you mind converting them to spaces? I am not sure, but I think that one of D7 coding standards used to be not using tabs in the code; maybe it has changed in D8.
Comment #6
jaypanNo, unfortunately it doesn't send back any timestamp. I read that some other services don't as well, so it appears we can't rely on it.
No, it hasn't changed in D8. I have my own coding standard I use for my own projects, but I try to use the Drupal standard when working on other people's projects, I must have missed some spots or forgotten. Sorry about that, I'll clean it up and release a new version.
Comment #7
rho_ commentedWound up having to interface with the Instagram API in a current project. Per their authentication documentation, they do not include any expiry data:
The solution in #4 works fine for me, and imo is completely reasonable.
Comment #8
jaypanIt's not, as the key is only recommended, not required: https://tools.ietf.org/html/rfc6749#section-4.2.2
As it's not required, I think that the module needs a patch to handle the circumstance where it's not returned, as in with Instagram. I'm attaching a patch. If when it's approved, I'll alter the D8 branch to match (even though I already handled this case in a different method in that branch).
Comment #10
jaypanComment #11
jaypanI've updated the 8.x-1.x version to handle this issue in the same manner.
Comment #12
dashohoxha commented@Jaypan Thanks for digging up the RFC (actualy I had never looked it up myself). I applied your patch.
By the way, since I am not able to test the D8 branch, you have total control on it. So, you can do whatever you think is right for it, don't wait for my agreement or approval.
On the D7 branch however I try to be a bit conservative with changes that I think are not necessary, since there are people using it, and having to update often is not a good thing (there is always the possibility of breaking things inadvertantly).
Comment #13
jaypanYeah, I think we need to create automated tests for the D8 version before a full release is released, so as to prevent breaking functionality as we make changes over time. I do that with all my own modules.