Login   Register  
PHP Classes
elePHPant
Icontem

refresh_token

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      PHP OAuth API  >  All threads  >  refresh_token  >  (Un) Subscribe thread alerts  
Subject:refresh_token
Summary:refresh_token is losing its value
Messages:9
Author:John Rambelle
Date:2013-06-14 12:12:55
Update:2013-07-02 03:49:33
 

  1. refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-14 12:12:55
Was testing out and found that at some point when I call mysqli_offline_access_to_google.php, the refresh token is cleared in the db.

It looks like this happens the day after the token was set, but before the actual expiry.

The result is that it cannot refresh the token when it expires. After that, I cannot use either mysqli_offline_access_to_google.php or mysqli_login_with_google.php until I delete the the record for that user in the db.

Is this a bug?

Thanks!

  2. Re: refresh_token   Reply  
Picture of Manuel Lemos
Manuel Lemos
2013-06-14 13:21:34 - In reply to message 1 from John Rambelle
Are you using the latest version? There was a bug in the previous version that caused the problem that you describe.

  3. Re: refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-17 11:48:51 - In reply to message 2 from Manuel Lemos
Ok. Made sure I had the latest versions and so far haven't seen it again.
Thanks Manuel!

  4. Re: refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-18 03:35:29 - In reply to message 3 from John Rambelle
actually, I am still seeing it, but not sure what use case is causing. Will try to test some more and let you know.

  5. Re: refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-18 17:33:49 - In reply to message 4 from John Rambelle
Set debug to true and got the below when trying to refresh - refresh_token is blank on the UPDATE:
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token: ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token expiry: 2013-06-18 12:29:10 UTC
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Access token type: Bearer
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Checking OAuth session from cookie b7c996a3b24241b3f7e0ccfa3b811688
[18-Jun-2013 05:29:10 America/Denver] OAuth client: Query: UPDATE oauth_session SET session=?, state=?, access_token=?, access_token_secret=?, expiry=?, authorized=?, type=?, server=?, creation=?, refresh_token=?, user=? WHERE id=?
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: b7c996a3b24241b3f7e0ccfa3b811688
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: bd582c439088c374501ddeb7dad36d7b
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value:
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: 2013-06-18 12:29:10
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Y
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Bearer
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: Google
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value: 2013-06-18 03:41:59
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: s value:
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: i value: 1
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Query parameter type: i value: 13
[18-Jun-2013 05:29:11 America/Denver] OAuth client: Accessing the API call at https://www.googleapis.com/oauth2/v1/userinfo?access_token=ya29.AHES6ZQeLQQzALmDq6RkBDvC9fVxDXgNgv05CzjlF8apR_w


  6. Re: refresh_token   Reply  
Picture of Manuel Lemos
Manuel Lemos
2013-06-22 12:27:26 - In reply to message 5 from John Rambelle
Yes, there was misinterpretation of the standard that said a new refresh token could be provided. Since Google does not provide a new refresh token, it was being cleared by mistake.

The problem is fixed and a new version was upload. Just let me know if you still have problems.

  7. Re: refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-25 11:50:14 - In reply to message 5 from John Rambelle
There is still a bug here. It is masked if a user has multiple sessions in the db (from different PCs for instance) since the GetUserSession SQL uses only user and server in the where clause:
SELECT id, session, state, access_token, access_token_secret, expiry, authorized, type, server, creation, refresh_token FROM oauth_session WHERE user=? AND server=?
It can pick up the refresh token from a session that was created on a different PC and will refresh the access_token. If I delete that record in the db, then I still experience the issue where the refresh_token is lost. If I save the refresh_token manually and restore it after it is lost, it will happily refresh the access_token.

Am I missing something?

  8. Re: refresh_token   Reply  
Picture of John Rambelle
John Rambelle
2013-06-25 15:23:02 - In reply to message 7 from John Rambelle
Apologies, had posted that last post before seeing your reply. I will test the fix you put in - THANKS!

Though there still is a potential issue with GetUserSession if a user has multiple sessions. The SQL doesn't know which one to pick up?

  9. Re: refresh_token   Reply  
Picture of Manuel Lemos
Manuel Lemos
2013-07-02 03:49:33 - In reply to message 8 from John Rambelle
The problem is that you putting the user through OAuth authorization process before checking if there is already an authorization for that user in the database.

If you already know the identity of your user in your system, you should not even restart the OAuth process.

Anyway, having multiple authorization tokens for the same user in the database is not a problem as both should work and it does not matter which one is used when sending API calls.