[oauth] Work around on token expired problem

[Vinod]

Hi,

   I have a gadget developed using Oauth. My gadget is working
fine and has been successfully tested with igoogle and orkut. When my
gadget is added to igoogle/orkut for the first time, the 3-legged
process is initiated and have my user authenticate to provide access
to igoogle/orkut by generating access token. With this done, the
access token is stored in my db and henceforth with subsequent login
into igoogle/orkut, access token would be issued by the container and
is verified by my application and the gadget is rendered directly
without having to undergo through the 3-legged process again. Now I am
trying to facilitate my users to revoke access token which would
simply delete the access token in my db. With this done, I am
expecting that the next login to igoogle/orkut should initiate the 3-
legged process to get the access token. But unfortunately igoogle/
orkut issues the access token which is now obviously not there in my
db and hence my app throws Token Expired exception. Could someone
guide me on how to re-initiate the 3-legged process in the aforesaid
scenario.

Thanks,
R.Vinod Kumar

-- 
You received this message because you are subscribed to the Google Groups 
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to 
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/oauth?hl=en.

Re: [oauth] 3-legged oauth -- user authorization failures -- what is the standard oauth spec

[Lukas Rosenstock]

Hi!
I would like to see this issue addressed in the next iteration of OAuth.
For one internal scenario in which we have deployed OAuth we have come up
with a solution in which apart from oauth_callback another error_callback
parameter is passed - in case of failure the user will be redirected to that
one instead.

Regards,
 Lukas Rosenstock

2010/2/21 Mahesh Venkat mhven...@gmail.com

 Hi,

 I recently implemented the 3-legged oauth as per the OAuth 1.0a specs.
 During the implementation I am finding some gaps in the specs for error
 scenarios.
 We have oauth_callback url to redirect the user to the consumer app after a
 successful user authorization. There are a number of exception cases where I
 am not sure what the oauth specs are:


1. What is the user interface or oauth interface, if the user denies
the authorization
2. If there is system failure in presenting the authorization page to
the user,  should the service provide redirect to the same oauth_callback
url of the consumer?
3. When the service provider receives a request for user authorization
using the 'unauthorized' request token, if the token is invalid or expired
should the service provider redirect to the oauth_callback url or send a 
 404
error?

 Appreciate your response.

 --
 Regards
 --Mahesh

 --
 You received this message because you are subscribed to the Google Groups
 OAuth group.
 To post to this group, send email to oa...@googlegroups.com.
 To unsubscribe from this group, send email to
 oauth+unsubscr...@googlegroups.com oauth%2bunsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/oauth?hl=en.




-- 
http://lukasrosenstock.net/

-- 
You received this message because you are subscribed to the Google Groups 
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to 
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/oauth?hl=en.