Bug #7292
Refresh token and access type
Status: open
Description
Hi,
Class OAuthProcess (OAuthService.C) is lacking a possibility to set the access type: online or offline, which is required to get a refresh token together with an access token from Google.
Adding the following code for offline access seems to be working (refresh token is returned from Google):
Method authorizeUrl:
url << (hasQuery ? '&' : '?') << "access_type=offline" << ... and here goes the rest of the code
Method handleAuthComplete:
ss << "access_type=offline" << ... and here goes the rest of the code
Also, there is an invalid JSON name for the refresh token:
Method parseJsonToken:
there should be 'refresh_token' instead of 'refreshToken':
std::string refreshToken = root.get("refresh_token").orIfNull("");
Is it possible to add a setter in OAuthProcess to select between access_type in offline and online?
Updated by max p over 5 years ago
I'm not sure if it is related, but sometimes during Google authorization, the extra window with consent does not disappear and Wt gives me the following entries in the log:
[2019-Oct-22 18:09:50.657] "GET /google-oauth2callback?state=RXYyZlpjU1V5aEtaelpOQklsU3RTRnNMU2p3PXxodHRwczovL3BsYW5uZXI0bWUuY29tLz93dGQ9Q3VhSGtjNUhhSXdpelNndyZyZXF1ZXN0PXJlc291cmNlJnJlc291cmNlPW94cWNxdjkmcmFuZD0w&code=4%2FsQGkHTv4KrsO_2YCuYXesCmxeSuXbImlGSPvcq46B5IDRI4v_42egixfkoN7Oa_qiyOgt2FBqsIxnnfpVNraPu4&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar+openid&authuser=0&session_state=f15d5cf4e38ebb92deacf7f7774a5db2c9225326..8922&prompt=none HTTP/1.1" 302 0
[2019-Oct-22 18:09:50.658] 2622 - [info] "WebRequest: took 0.784 ms"
[2019-Oct-22 18:09:50.671] 2622 - [info] "Wt: session created (#sessions = 3)"
[2019-Oct-22 18:09:50.672] 2622 [/ O97Tb8NoVXRyLOda] [info] "WEnvironment: UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/77.0.3865.90 Chrome/77.0.3865.90 Safari/537.36"
[2019-Oct-22 18:09:50.672] 2622 [/ O97Tb8NoVXRyLOda] [info] "Wt: not serving this."
85.1.148.40 - - [2019-Oct-22 18:09:50.673] "GET /?wtd=CuaHkc5HaIwizSgw&request=resource&resource=oxqcqv9&rand=0&state=RXYyZlpjU1V5aEtaelpOQklsU3RTRnNMU2p3PXxodHRwczovL3BsYW5uZXI0bWUuY29tLz93dGQ9Q3VhSGtjNUhhSXdpelNndyZyZXF1ZXN0PXJlc291cmNlJnJlc291cmNlPW94cWNxdjkmcmFuZD0w&code=4%2fsQGkHTv4KrsO_2YCuYXesCmxeSuXbImlGSPvcq46B5IDRI4v_42egixfkoN7Oa_qiyOgt2FBqsIxnnfpVNraPu4 HTTP/1.1" 200 45
[2019-Oct-22 18:09:50.673] 2622 - [info] "WebRequest: took 2.585 ms"
[2019-Oct-22 18:09:50.674] 2622 - [info] "WebController: Removing session O97Tb8NoVXRyLOda"
[2019-Oct-22 18:09:50.674] 2622 [/ O97Tb8NoVXRyLOda] [info] "Wt: session destroyed (#sessions = 2)"
I can do like 10 trials, the extra window never disappears and Wt says "not serving this", but then randomly it starts to work, even if I always try to perform the same steps.
Any idea what is going on? Can I provide some more data?
Updated by Roel Standaert over 5 years ago
That refreshToken instead of refresh_token does look like an error.
However, access_type seems to be non-standard? It's just something that Google does, I think. Maybe it's an option to add it to GoogleService, but I think you can also just use setAuthEndpoint("https://accounts.google.com/o/oauth2/v2/auth?access_type=offline").
Updated by Roel Standaert over 5 years ago
I pushed a commit for the refresh_token thing.
Updated by Roel Standaert over 5 years ago
As for "not serving this", this is logged when Wt gets a request with a request URL parameter that is not jsupdate, jserror, script, or page for a new session.
I assume that would mean it's either style or resource (or some value that Wt doesn't know).
So I guess that this request:
GET /?wtd=CuaHkc5HaIwizSgw&request=resource&resource=oxqcqv9&rand=0&state=RXY...&code=4%2...
is refused by Wt, because it's a resource request for a web session (CuaHkc5HaIwizSgw) that Wt doesn't know.
I guess that's maybe the session id of a session that doesn't exist anymore? Can you find that same session id earlier on in the logs?
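The check suggested above (does the wtd of the refused resource request appear earlier in the log?), as an added Python example that is not part of the thread or of Wt. It assumes the bracketed field seen in the excerpt, "[/ <id>]", is the deployment path followed by the session id; the function name and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption from the excerpt: session-scoped lines carry "[<path> <session id>]".
SESSION_CTX = re.compile(r'\[/\S* (\w+)\] \[\w+\] "(.*)"')
ACCESS = re.compile(r'"GET (\S+) HTTP/[\d.]+" \d{3}')

def audit_resource_requests(lines):
    """Return (wtd, status) for every request=resource hit, in log order.

    status is "live", "destroyed" or "unknown", judged only from the
    session-scoped lines that precede the request in the log.
    """
    state = {}  # session id -> "live" | "destroyed"
    findings = []
    for line in lines:
        ctx = SESSION_CTX.search(line)
        if ctx:
            sid, msg = ctx.groups()
            if "session destroyed" in msg:
                state[sid] = "destroyed"
            else:
                state.setdefault(sid, "live")
            continue
        req = ACCESS.search(line)
        if not req:
            continue
        query = parse_qs(urlsplit(req.group(1)).query)
        if query.get("request") == ["resource"] and "wtd" in query:
            wtd = query["wtd"][0]
            findings.append((wtd, state.get(wtd, "unknown")))
    return findings

# Constructed sample log: session ids, state and code values are placeholders.
SAMPLE_LOG = """\
[2019-Oct-22 18:00:00.000] 2622 [/ sessAAAA] [info] "Wt: session created (#sessions = 1)"
[2019-Oct-22 18:00:05.000] "GET /?wtd=sessAAAA&request=resource&resource=r1&state=S&code=C HTTP/1.1" 200 45
[2019-Oct-22 18:05:00.000] 2622 [/ sessAAAA] [info] "Wt: session destroyed (#sessions = 0)"
[2019-Oct-22 18:09:50.000] "GET /?wtd=sessAAAA&request=resource&resource=r1&state=S&code=C HTTP/1.1" 200 45
[2019-Oct-22 18:09:51.000] 2622 [/ sessCCCC] [info] "Wt: not serving this."
[2019-Oct-22 18:09:52.000] "GET /?wtd=sessBBBB&request=resource&resource=r2&state=S&code=C HTTP/1.1" 200 45
""".splitlines()

if __name__ == "__main__":
    for wtd, status in audit_resource_requests(SAMPLE_LOG):
        print(f"{wtd}: {status}")
```

A "destroyed" or "unknown" status for the callback's wtd corresponds to the case described above, where the redirect targets a session that no longer exists or that this process never logged.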
Updated by max p over 5 years ago
Hi,
thanks for pushing refresh_token and giving a hint to solve access_type.
When it comes to "not serving this" - I need to implement other features in my project, so I need some time till I can return to this topic.