Use refresh token on restore? #249
Comments
|
Can you verify this works? |
|
I see what the problem is - the authenticator only refreshes automatically when no access token is present and not when it is stille present but known to have expired: https://github.com/simplabs/ember-simple-auth/blob/master/packages/ember-simple-auth-oauth2/lib/simple-auth-oauth2/authenticators/oauth2.js#L124. |
|
Interesting. It would make a lot of sense to restore with the refresh token (which may return an error if the refresh token is expired too, but at least it would allow to keep short term token :)) |
marcoow
added a commit
that referenced
this issue
Jul 21, 2014
|
The authenticator will now refresh when the token is known to be expired regardless of whether the access token is present or not. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I have an application where the access token is set to 1 day, and refresh token set to 1 month. I've had a user saying to me that he had to relog every day (he didn't manually unlog, just close his browser).
My question is: how Ember Simple Auth behave when the access token expires when the browser is not open? Is Ember Simple Auth smart enough, when someone open the website again, to check if the access token has expired in between, and use the refresh token to try to get a new token?
If that's not the case, that would be awesome to have this work like this. Currently, I just increased drastically the access token lifetime, but I don't really like that!
The text was updated successfully, but these errors were encountered: