-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh before request if neccesary and multipart only when resource and media body specified #235
Conversation
Also #122. |
@@ -86,7 +86,8 @@ JWT.prototype.refreshToken_ = function(ignored_, opt_callback) { | |||
opt_callback && opt_callback(err, { | |||
access_token: token, | |||
token_type: 'Bearer', | |||
expires_in: that.gapi.token_expires | |||
expires_in: that.gapi.token_expires, |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
Media upload changes LGTM, commented on a few issues about auth related changes. |
Refresh before request if neccesary and multipart only when resource and media body specified
Currently when we make an API request and the request responds with an authentication error, we attempt to refresh the
access_token
using therefresh_token
and then re-attempt the request. If the request has a multipart body, it will not be attached to the re-attempted request due to the constraints of the library. This is exceptionally true for multipart bodies whose data is coming from a readable stream. To mitigate these issues, this PR makes the following changes:expiry_date
(an added property) of the credentials object to ensure that the token has not expired. If there is noexpiry_date
value, assume it has not expired. If it has expired, refresh the token before making the request.access_token
in the credentials, and there is arefresh_token
, use it to refresh the token before making the request.refresh_token
, never attempt to refresh (because you can't)access_token
norrefresh_token
, return an error in the callback.This will give more responsibility to the developer to ensure that their credentials are kept up to date.
Also added
oauth2client.revokeCredentials()
which will clear the credentials object and attempt to revoke theaccess_token
.Bonus: Affects #229 where multipart request was built for all media requests. Now multipart will only be built for requests with
resource
andmedia.body
. Ifresource
is only specified, it's a simple JSON request, if onlymedia.body
is specified, then uploadType=media is used with the body (not a multipart).