Issue 70: Use WWW-Authenticate header to guess if token has expired
Issue 77: better JavaDoc for
Better JavaDoc on Credential.refreshToken()
BASED ON - https://codereview.appspot.com/10450044/
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java (right): https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java#newcode100 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:100: private static String INVALID_TOKEN_ERROR = "error=invalid_token"; maybe we should ...
10 years, 10 months ago
(2013-06-17 18:42:44 UTC)
#2
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java
(right):
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:100:
private static String INVALID_TOKEN_ERROR = "error=invalid_token";
maybe we should be a little more lenient on the whitespace and do something
like:
private static final Pattern INVALID_TOKEN_ERROR =
Pattern.compile("\\s*error\\s*=\\s*invalid_token\\s*");
and then below INVALID_TOKEN_ERROR.matcher(headerValue).matches()
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:249:
Object authenticate = response.getHeaders().get(AUTHENTICATE_HEADER);
Object authenticate = response.getHeaders().getAuthenticate();
or probably more intelligently, we should add
HttpHeaders.getAuthenticateAsList() and then iterate over the possibly multiple
WWW-Authenticate headers, looking for the one with value that
startsWith("\\s*Bearer")
alternatively, we could add a method like getAuthenticate(String challenge) that
would return the value for the given challenge type.
But for now, if it is easier to implement without making changes to
HttpResponse, I'm okay with this implementation that does
getHeaders().get(AUTHENTICATE_HEADER), but then you still need to iterate over
the values to find the one of type "Bearer".
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:252:
|| response.getStatusCode() == HttpStatusCodes.STATUS_CODE_UNAUTHORIZED;
Based on my reading of the spec, there is no reason to check the error code. I
think the only reason to keep it in there is for backwards compatibility. But
then it raises the question of what happens if we know error is not
"invalid_token" but the error code is still 401. Logic should dictate that we
should not refresh the token and try again.
Perhaps the best compromise is to only check the status code if we're working
with a server that didn't properly implement the spec in that it did not provide
the WWW-Authenticate Bearer challenge? Incidentally, that was true of Google
until some number of months ago.
10 years, 10 months ago
(2013-06-20 20:03:44 UTC)
#4
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java
(right):
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:100:
private static String INVALID_TOKEN_ERROR = "error=invalid_token";
On 2013/06/17 18:42:44, yanivi wrote:
> maybe we should be a little more lenient on the whitespace and do something
> like:
>
> private static final Pattern INVALID_TOKEN_ERROR =
> Pattern.compile("\\s*error\\s*=\\s*invalid_token\\s*");
>
> and then below INVALID_TOKEN_ERROR.matcher(headerValue).matches()
Done.
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:249:
Object authenticate = response.getHeaders().get(AUTHENTICATE_HEADER);
On 2013/06/17 18:42:44, yanivi wrote:
> Object authenticate = response.getHeaders().getAuthenticate();
>
> or probably more intelligently, we should add
> HttpHeaders.getAuthenticateAsList() and then iterate over the possibly
multiple
> WWW-Authenticate headers, looking for the one with value that
> startsWith("\\s*Bearer")
>
> alternatively, we could add a method like getAuthenticate(String challenge)
that
> would return the value for the given challenge type.
>
> But for now, if it is easier to implement without making changes to
> HttpResponse, I'm okay with this implementation that does
> getHeaders().get(AUTHENTICATE_HEADER), but then you still need to iterate over
> the values to find the one of type "Bearer".
Done.
https://codereview.appspot.com/9640045/diff/1/google-oauth-client/src/main/ja...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:252:
|| response.getStatusCode() == HttpStatusCodes.STATUS_CODE_UNAUTHORIZED;
On 2013/06/17 18:42:44, yanivi wrote:
> Based on my reading of the spec, there is no reason to check the error code.
I
> think the only reason to keep it in there is for backwards compatibility. But
> then it raises the question of what happens if we know error is not
> "invalid_token" but the error code is still 401. Logic should dictate that we
> should not refresh the token and try again.
>
> Perhaps the best compromise is to only check the status code if we're working
> with a server that didn't properly implement the spec in that it did not
provide
> the WWW-Authenticate Bearer challenge? Incidentally, that was true of Google
> until some number of months ago.
Done.
https://codereview.appspot.com/9640045/diff/9003/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java (right): https://codereview.appspot.com/9640045/diff/9003/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java#newcode485 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:485: public final boolean refreshToken() throws IOException { while you ...
10 years, 10 months ago
(2013-06-23 12:25:38 UTC)
#6
LGTM but must fix this issue before submitting... https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java (right): https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java#newcode245 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:245: List<String> ...
10 years, 10 months ago
(2013-06-24 15:48:00 UTC)
#8
LGTM
but must fix this issue before submitting...
https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/mai...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java
(right):
https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/mai...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:245:
List<String> authenticateList = response.getHeaders().getAuthenticateAsList();
Description Resource Path Location Type
List cannot be resolved to a
type Credential.java /google-oauth-client/src/main/java/com/google/api/client/auth/oauth2 line
244 Java Problem
Done. Was pushed a minute ago https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java (right): https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java#newcode245 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:245: List<String> authenticateList = ...
10 years, 10 months ago
(2013-06-25 14:54:31 UTC)
#10
Done. Was pushed a minute ago
https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/mai...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java
(right):
https://codereview.appspot.com/9640045/diff/26001/google-oauth-client/src/mai...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:245:
List<String> authenticateList = response.getHeaders().getAuthenticateAsList();
On 2013/06/24 15:48:00, yanivi wrote:
> Description Resource Path Location Type
> List cannot be resolved to a
>
type Credential.java /google-oauth-client/src/main/java/com/google/api/client/auth/oauth2 line
> 244 Java Problem
Done.
Issue 9640045: Issue 70: Use WWW-Authenticate header to guess if token has expired
(Closed)
Created 10 years, 11 months ago by peleyal
Modified 10 years, 10 months ago
Reviewers: yanivi
Base URL: https://code.google.com/p/google-oauth-java-client/
Comments: 24
