I think you have a bug in your storage implementation because it is responsible for retrieving a stored refresh token if one was obtained from the server before, even when CheckAccessToken is called.
Anyway, the CheckAccessToken or Process functions are not meant to be called when the user is not present because they could tell to redirect the user to the authorization server if there is no valid access token or refresh token, which would not make sense. So the idea is really to just use the CallAPI function when the user is not present to make offline API calls. You can confirm that by looking at the mysqli_offline_access_to_google.php script. So there is no logic problem in the class, as you may confirm it works when using other storage classes besides yours.
Hello again.
Yeah, I finished implementing my Blogger's Oauth :-D) Everything works well. Thanks again.
About the CheckAccessToken debate, I will send you (later, when on my PC) my storage_class, if you want to verify. But what I noticed is this: the test inside the Oauth2 switch-case, after RetrieveToken(), always returns if the token is valid. This test does not depend on context, and I think it is a programming choice you made (maybe to simplify the logic). With this choice, on Oauth2, it appears you delegate to CallAPI the query to refresh the access_token. In the Oauth1 version, instead, CheckAccessToken requires the access_token immediately. As I only tested with Google, I cannot be sure for all the special cases inside the class, of course.
Here is the code; it is not a matter of context but of truth table ;-D)
============
Triple test that always returns true when access_token is valid, no matter whether it is expired:
$expired = (strlen($this->access_token_expiry)
    && strcmp($this->access_token_expiry, gmstrftime('%Y-%m-%d %H:%M:%S')) <= 0
    && strlen($this->refresh_token) === 0);
if($valid && !$expired)
    return true;
===========
So, even if the token_expiry is over (condition #2), the $expired flag will be false because otherwise the condition #3 strlen(refresh_token) will be > 0. In other words, only the validity condition #1 is decisive. The test could even delete the conditions #1 and #2, and the logic on validity will work as before.
When following the CallAPI() function logic, however, the tests about token_expiry do not add the #3 condition on strlen(refresh_token). This is why CallAPI() correctly makes a call to obtain a new access_token. So I wonder why the class does not try to query a new access_token, when expired, directly in CheckAccessToken()?
Of course, this debate is only for curiosity. Once you are aware of this logic in CheckAccessToken(), then in CallAPI(), everything works as expected.
Best regards!
Correction:
>> The test could even delete the conditions #1 and #2, and the logic on validity will work as before.
The test could even delete the condition on expiry, and the logic on validity (only on validity) will work the same way.
(BTW: I "hereby" made a suggestion: PHPClasses should implement better forum software, with better ergonomics, like SimpleMachines or BBCode... for example, we could edit our posts!!! ;.D)))
Problem:
1.- How do I upload here or, if you prefer, how do I send the file(s) to you?
2.- Or, is it practicable to put the source code of my derived storage class in a post reply?
The storage class itself, to be used as an offline client, is extended from your oauth_client_class.php. It is 250 lines long (with "aerial" style, not compact, but still significant). For private stuff, all the keys/secrets are declared as constants in a separate interface (around 40 lines).
Let me know (or contact me, to send you the file)?
Best regards!
As I explained before, if you use the base class it works correctly, i.e. if the token expired and there is a refresh token, it will refresh the token when you call CheckAccessToken.
If it does not happen when you use your storage class, that can only be because you are not retrieving the refresh token or the expiry date of the token.
OK, I added to my to do list the possibility to allow editing posts at least for a period of time, maybe 5 minutes, so you can correct any mistakes.
Well for now, you may post the code in a message or upload it somewhere and put a link here.
Maybe interesting info:
developers.google.com/drive/web/qui ...
The last version is 9 June, with a PHP script for offline installed applications. Now, instead of "web application", it allows Oauth via an "installed" Client-id. That means that for Google, at least, there is no longer a need to use a web server (or the built-in PHP server).
BR!
> If it does not happen when you use your storage class, that can only be because you are not retrieving the refresh token or the expiry date of the token.
Yes, I am ;-) Below are the 3 overriding functions for Store/GetStored/SetupSession. I simply use file_{put,get}_contents() and file_exists.
=============
/** IRM=Override */
private function SetupSession(&$session)
{
    if(!$this->GetAccessTokenURL($access_token_url))
        return false;
    // Load the stored session for this token URL, if a storage file exists
    if(strlen($this->session) || file_exists($this->storage_name))
    {
        $s = $this->Unserialize();
        if(!IsSet($s))
        {
            if($this->debug)
                $this->OutputDebug('Could not read the OAuth storage');
            $session = null;
        }
        else
            $session = (IsSet($s[$access_token_url]) ? $s[$access_token_url] : null);
    }
    else
        $session = null;
    // Nothing stored yet: create a fresh session record and persist it
    if(!IsSet($session))
    {
        $session = array(
            'state' => md5(time() . rand()),
            'access_token' => ''
        );
        $session['session'] = md5($session['state'] . time() . rand());
        $s = array($access_token_url => $session);
        $this->Serialize($s);
    }
    $this->session = $session['session'];
    return true;
}
=============
/** IRM=Override
 * @param $state
 * @return bool */
Function GetStoredState(&$state)
{
    if(!$this->SetupSession($session))
        return false;
    $state = $session['state'];
    return true;
}
=============
/** IRM=Override
 * @param $access_token
 * @return bool */
Function StoreAccessToken($access_token)
{
    if(!$this->GetAccessTokenURL($access_token_url))
        return false;
    if(!$this->SetupSession($session))
        return false;
    $session['access_token'] = $access_token['value'];
    $session['access_token_secret'] = (IsSet($access_token['secret']) ? $access_token['secret'] : '');
    $session['authorized'] = (IsSet($access_token['authorized']) ? $access_token['authorized'] : null);
    $session['expiry'] = (IsSet($access_token['expiry']) ? $access_token['expiry'] : null);
    //IRM=added
    if(IsSet($access_token['type']))
        $session['type'] = $access_token['type'];
    $session['refresh_token'] = (IsSet($access_token['refresh']) ? $access_token['refresh'] : '');
    $session['access_token_response'] = (IsSet($access_token['response']) ? $access_token['response'] : null);
    $s = $this->unserialize();
    if(!IsSet($s))
        return $this->SetError('could not read the OAuth storage');
    $s[$access_token_url] = $session;
    $this->Serialize($s);
    return true;
}
=============
/** IRM=Override
 * @param $access_token
 * @return bool */
Function GetAccessToken(&$access_token)
{
    if(!$this->SetupSession($session))
        return false;
    if(strlen($session['access_token']))
    {
        $access_token = array(
            'value' => $session['access_token'],
            'secret' => $session['access_token_secret']
        );
        if(IsSet($session['authorized']))
            $access_token['authorized'] = $session['authorized'];
        if(IsSet($session['expiry']))
            $access_token['expiry'] = $session['expiry'];
        // 'type' is only stored when the server sent one, so test IsSet first
        if(IsSet($session['type']) && strlen($session['type']))
            $access_token['type'] = $session['type'];
        //IRM=added
        if(strlen($session['refresh_token']))
            $access_token['refresh'] = $session['refresh_token'];
        // 'access_token_response' is stored as null when absent and need not be a string
        if(!empty($session['access_token_response']))
            $access_token['response'] = $session['access_token_response'];
    }
    else
        $access_token = array();
    return true;
}
=====
As you say, the expiry and refresh_token were correctly patched like you did for cookies_client_class.php
It is hard to follow your code.
You can just try the cookies class for yourself. If your class does not work in a similar way, you need to debug it to find where it works differently.
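Added example (not part of any post in this thread and not the library's own code): the `$expired` expression quoted earlier, evaluated on a constructed token after a storage round trip that drops fields, to show how a storage class that fails to return the expiry or the refresh token changes the outcome of that test. `is_expired()`, `round_trip()`, `check()` and the reading of `$valid` as "non-empty access token" are assumptions made for the illustration.

```php
<?php
// Added illustration, not library code. is_expired() mirrors the quoted
// $expired expression; gmdate() replaces gmstrftime() (same string format).
function is_expired(string $expiry, string $refresh, string $now): bool
{
    return strlen($expiry) > 0
        && strcmp($expiry, $now) <= 0
        && strlen($refresh) === 0;
}

// Hypothetical stand-in for a storage class: only the fields named in $keep
// survive the store/retrieve round trip; missing ones come back empty.
function round_trip(array $token, array $keep): array
{
    $stored = array_intersect_key($token, array_flip($keep));
    $loaded = unserialize(serialize($stored));
    return $loaded + array('value' => '', 'expiry' => '', 'refresh' => '');
}

// Returns the flags the quoted test works with for one round-tripped token.
function check(array $token, array $keep, string $now): array
{
    $t = round_trip($token, $keep);
    $valid = strlen($t['value']) > 0;           // assumption: non-empty token
    $expired = is_expired($t['expiry'], $t['refresh'], $now);
    return array(
        'expired'      => $expired,
        'early_return' => $valid && !$expired,  // if($valid && !$expired) return true;
        'can_refresh'  => strlen($t['refresh']) > 0,
    );
}

$now = gmdate('Y-m-d H:i:s');
// Constructed sample: access token expired one hour ago, refresh token present.
$token = array(
    'value'   => 'sample-access-token',
    'expiry'  => gmdate('Y-m-d H:i:s', time() - 3600),
    'refresh' => 'sample-refresh-token',
);
$cases = array(
    'all fields kept'            => array('value', 'expiry', 'refresh'),
    'refresh token dropped'      => array('value', 'expiry'),
    'expiry dropped'             => array('value', 'refresh'),
    'expiry and refresh dropped' => array('value'),
);
foreach ($cases as $label => $keep) {
    $r = check($token, $keep, $now);
    printf("%-27s expired=%d early_return=%d can_refresh=%d\n",
        $label, $r['expired'], $r['early_return'], $r['can_refresh']);
}
```

When debugging a storage class, the last case is the one to look for: with neither the expiry nor the refresh token retrieved, the hour-old token still satisfies `$valid && !$expired` and there is no refresh token left to renew it with.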
