invalidate OAuth token(s) when VOOT backend token expired
fkooman opened this issue · 2 comments
fkooman commented
The VOOT backend token can expire or be revoked. Including the refresh token. If this happens the app should be reauthorized as to trigger obtaining a new VOOT access token.
This is a bit tricky as the OAuth tokens are stored in vpn-user-portal, and not in vpn-server-api, so we have to cross app boundaries. Seems difficult to do "cleanly".
fkooman commented
Maybe a better approach is this to tie it to an "/can_i_connect" API call that figures all this stuff out and returns a number of error codes, one of which would be to trigger reauthorization. Or something like this.
fkooman commented
We move VOOT to "frontend" so this is no longer an issue.