This is not about OAuth authentication. For now we're just using the default
implementation like so:

HyvesGadget.prototype.rpcToken = (0x7FFFFFFF * Math.random()) | 0;

I understand that they should have a limited lifetime, but in this example
they're just valid once. However, I don't understand how reloading the page
and going back/forward are any different and are working and not working
respectively.

On 9/30/08 3:23 PM, "Astha Bhatnagar" <[EMAIL PROTECTED]> wrote:

> Sorry for the formatting thing. For clear understanding I am copying that
> again
> Request Token: Used by the Consumer to ask the User to authorize access to
> the Protected Resources. The User-authorized Request Token is exchanged for
> an Access Token, MUST only be used once, and MUST NOT be used for any other
> purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.
> 
> Access Token: Used by the Consumer to access the Protected Resources on
> behalf of the User. Access Tokens MAY limit access to certain Protected
> Resources, and MAY have a limited lifetime. Service Providers SHOULD allow
> Users to revoke Access Tokens. Only the Access Token SHALL be used to access
> the Protected Resources.
> 
> On Tue, Sep 30, 2008 at 6:40 PM, Astha Bhatnagar <
> [EMAIL PROTECTED]> wrote:
> 
>> Missed the link for OAuth Specification(source of the definitions)
>> http://oauth.net/core/1.0#anchor9
>> 
>> 
>> On Tue, Sep 30, 2008 at 6:37 PM, Astha Bhatnagar <
>> [EMAIL PROTECTED]> wrote:
>> 
>>> Hi,
>>> In the OAuth authentication process two types of tokens are used:
>>> 
>>> Request Token: Used by the Consumer to ask the User to authorize access
>>> to the Protected Resources. The User-authorized Request Token is exchanged
>>> for an Access Token, MUST only be used once, and MUST NOT be used for any
>>> other purpose. It is RECOMMENDED that Request Tokens have a limited
>>> lifetime. Access Token: Used by the Consumer to access the Protected
>>> Resources on behalf of the User. Access Tokens MAY limit access to certain
>>> Protected Resources, and MAY have a limited lifetime. Service Providers
>>> SHOULD allow Users to revoke Access Tokens. Only the Access Token SHALL be
>>> used to access the Protected Resources.
>>> 
>>> 
>>> It is clear from the Request Token definition that it is used only once and
>>> it has a limited lifetime. So when you move back or forward, the same request
>>> token is submitted to get data or to get an access token. That's why it gives
>>> the error "Invalid auth token".
>>> 
>>> Anybody here please correct me if I'm wrong :-)
>>> 
>>> On Tue, Sep 30, 2008 at 5:48 PM, Youri op 't Roodt <[EMAIL PROTECTED]> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> I'm implementing an OS 0.7 container and I've stumbled upon an issue where
>>>> the gadgets.window.adjustHeight() doesn't work when you come to a page
>>>> with a gadget by clicking the forward/back button of your browser (so far
>>>> in FF30 and SAF312). The iFrame urls contain a new rpctoken, but somehow
>>>> the authToken in the gadget has an 'old' value. When I reload the page
>>>> (e.g. Cmd-R), the tokens are in sync again and everything works fine. If,
>>>> from there, I go forward and then back (using the browser buttons) to the
>>>> same page, the authToken in the gadget still has the 'old' value. The
>>>> gadgets.rpc.process function then throws the "Invalid auth token." error
>>>> when trying to adjust the height.
>>>> I've seen this happening on Hi5 as well, did anyone else experience this
>>>> or maybe have a solution?
>>>> 
>>>> Thanks in advance,
>>>> 
>>>> Youri op 't Roodt
>>>> Hyves
>>>> 
>>>> 
>>> 
>> 
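
Added example, not part of the thread or of any container's own code: a small model of the symptom reported in the original post, assuming the container issues a new rpctoken each time its page script runs while a gadget iframe restored by back/forward keeps the token it first loaded with. The Container and Gadget classes, the URL and the service name are hypothetical, and the token is drawn from a CSPRNG rather than Math.random(), which is not one.

```javascript
// Model of the container/gadget rpc token check (illustrative, not Shindig code).
const { webcrypto } = require('node:crypto'); // in a browser: window.crypto

// 128-bit token from a CSPRNG, instead of the 31-bit Math.random() value.
function newRpcToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// Hypothetical container: one expected token per gadget iframe id.
class Container {
  constructor() { this.expected = new Map(); }
  // Runs on every execution of the container page script.
  render(frameId) {
    const token = newRpcToken();
    this.expected.set(frameId, token);
    return `https://gadgets.example/ifr#rpctoken=${token}`; // constructed URL
  }
  // Receiver-side check applied to each incoming rpc message.
  process(msg) {
    if (this.expected.get(msg.from) !== msg.token) throw new Error('Invalid auth token.');
    return `${msg.service} accepted`;
  }
}

// Hypothetical gadget: reads its token once, from the URL it was loaded with.
class Gadget {
  constructor(frameId, url) {
    this.frameId = frameId;
    this.token = new URL(url).hash.replace('#rpctoken=', '');
  }
  // 'adjust_height' is a constructed service name for this model.
  adjustHeight() { return { from: this.frameId, service: 'adjust_height', token: this.token }; }
}

// Returns [result on a fresh load, result after a history navigation].
function simulate() {
  const container = new Container();
  const gadget = new Gadget('g0', container.render('g0'));
  const fresh = container.process(gadget.adjustHeight());
  container.render('g0'); // container script re-runs; the gadget document is reused
  let stale;
  try { stale = container.process(gadget.adjustHeight()); } catch (e) { stale = e.message; }
  return [fresh, stale];
}
```

In this model a full reload works because both sides are rebuilt from the same render() call; the failure only appears when one side is regenerated and the other is restored.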
