invalidate OAuth token(s) when VOOT backend token expired

Question

invalidate OAuth token(s) when VOOT backend token expired

fkooman opened this issue 6 years ago · 2 comments

The VOOT backend token can expire or be revoked. Including the refresh token. If this happens the app should be reauthorized as to trigger obtaining a new VOOT access token.

This is a bit tricky as the OAuth tokens are stored in vpn-user-portal, and not in vpn-server-api, so we have to cross app boundaries. Seems difficult to do "cleanly".

Answer 1 · 2018-06-26T09:15:30.000Z

Maybe a better approach is this to tie it to an "/can_i_connect" API call that figures all this stuff out and returns a number of error codes, one of which would be to trigger reauthorization. Or something like this.

Answer 2 · 2018-11-22T09:26:44.000Z

We move VOOT to "frontend" so this is no longer an issue.