Hi, In OAuth authentication process two type of tokens are used: Request Token:Used by the Consumer to ask the User to authorize access to the Protected Resources. The User-authorized Request Token is exchanged for an Access Token, MUST only be used once, and MUST NOT be used for any other purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.Access Token:Used by the Consumer to access the Protected Resources on behalf of the User. Access Tokens MAY limit access to certain Protected Resources, and MAY have a limited lifetime. Service Providers SHOULD allow Users to revoke Access Tokens. Only the Access Token SHALL be used to access the Protect Resources.
It is clear by the Request token definition that it is used only once and it has a limited life time. So when you move back or forward same request token is submitted to get data or to get access token. That's why it gives error "Invalid auth token". Anybody here please correct me if I'm wrong :-) On Tue, Sep 30, 2008 at 5:48 PM, Youri op 't Roodt <[EMAIL PROTECTED]> wrote: > Hi, > > I¹m implementing a OS 0.7 container and I¹ve stumbled upon an issue where > the gadgets.window.adjustHeight() doesn¹t work when you come to a page with > a gadget by clicking the forward/back button of your browser (so far in > FF30 > and SAF312). The iFrame urls contain a new rpctoken, but somehow the > authToken in the gadget has an Œold¹ value. When I reload the page (e.g. > Cmd-R), the tokens are in sync again and everything works fine. If, from > there, I go forward and then back (using the browser buttons) to the same > page, the authToken in the gadget still has the Œold¹ value. The > gadgets.rpc.process function then throws the ³Invalid auth token.² error > when trying to adjust the height. > I¹ve seen this happening on Hi5 as well, did anyone else experience this or > maybe have a solution? > > Thanks in advance, > > Youri op Œt Roodt > Hyves > >
