Issue 154105: don't delete oauth tokens on 403 responses

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 154105: don't delete oauth tokens on 403 responses

Can't Edit
Can't Publish+Mail
Start Review

Created:
14 years, 5 months ago by beaton

Modified:
14 years, 5 months ago

Reviewers:
Paul Lindner, shindig.remailer, etnu

Base URL:
https://svn.apache.org/repos/asf/incubator/shindig/trunk/

Visibility:
Public.

Patch Set 1 #

Total comments: 2

Created: 14 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+149 lines, -34 lines)			Patch
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthCommandLine.java	View	2 chunks	+2 lines, -0 lines	0 comments	Download
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthProtocolException.java	View	3 chunks	+10 lines, -4 lines	1 comment	Download
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java	View	2 chunks	+12 lines, -6 lines	0 comments	Download
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java	View	9 chunks	+40 lines, -21 lines	1 comment	Download
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/MakeRequestClient.java	View	1 chunk	+4 lines, -0 lines	0 comments	Download
M	java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java	View	5 chunks	+81 lines, -3 lines	0 comments	Download

Messages

Total messages: 3

Expand All Messages | Collapse All Messages

beaton

So it turns out that Twitter returns 403 responses when a client is rate limited. ...

14 years, 5 months ago (2009-11-13 01:58:44 UTC) #1

etnu

This seems reasonable. I assume you've tested enough service providers to be confident that none ...

14 years, 5 months ago (2009-11-13 02:09:50 UTC) #2

beaton

14 years, 5 months ago (2009-11-13 17:08:07 UTC) #3

Yep, tested against several service providers.  None return 403 for
unauthorized.

They all return 401 for multiple reasons, unfortunately.  So there are still
some cases where we will delete a token that might not actually have been
revoked.  For example, most service providers can't distinguish between a token
that has been revoked and a bad signature due to bug on our side.

This is still better off than we were before.

I made the switch to using constants in those places.

Expand All Messages | Collapse All Messages