+barefootguru Posted July 30, 2017 Share Posted July 30, 2017 I run 4 apps/programs/sites which access GC via the API. It's a nuisance and time consuming to have to reauthorise them repeatedly. It decreases security: rather than entering my (long random) password once on my phone, I have to save it in a note in case it expires when I'm away from home. Quote Link to comment
+dakboy Posted July 29, 2018 Share Posted July 29, 2018 You could (should) use a password manager like KeePass or 1Password to store your passwords securely. This security deficiency isn't due to the API token expiration but rather how you choose to handle it. Quote Link to comment
+on4bam Posted July 29, 2018 Share Posted July 29, 2018 I renew my token in GSAK and GDAK without any "hassle", it's just a few clicks about 4 times a year. No sweat. 1 Quote Link to comment
+barefootguru Posted August 8, 2018 Author Share Posted August 8, 2018 I visit Project-GC on 3 devices, and have Cachly running on 2. Cachly now utilises Keychain so that’s fixed the password security, but that still leaves a multi-screen reauthorisation I have to go through twice a month — sometimes out in the field. No other website I use requires incessant babysitting to keep my access tokens valid. It’s good it doesn’t bother you guys, but it’s harder when you realise it doesn’t have to be like this. 2 Quote Link to comment
Keystone Posted August 8, 2018 Share Posted August 8, 2018 The access token renewal process was instituted due to abuse. This is why we can't have nice things. 2 Quote Link to comment
+on4bam Posted August 8, 2018 Share Posted August 8, 2018 What will happen when API2 is launched officially? In GSAK I see "token is older than 1 hour > refreshing token". Does that mean token refresh is going to be automated (even more than in GSAK)? I suppose that when using the API the token can be checked (it's already checked for validity) and it's lifetime extended if membership type is still the same? Quote Link to comment
+Corfman Clan Posted October 26, 2018 Share Posted October 26, 2018 On 8/8/2018 at 3:44 AM, on4bam said: What will happen when API2 is launched officially? In GSAK I see "token is older than 1 hour > refreshing token". Does that mean token refresh is going to be automated (even more than in GSAK)? I suppose that when using the API the token can be checked (it's already checked for validity) and it's lifetime extended if membership type is still the same? I believe that apps will be able to renew the token without user intervention but am not positive on that as I have yet to implement the new user authorization in LonelyCache. From the documentation: Quote When the access token expires, the app can make a POST call into the OAuth service's token endpoint to exchange the refresh_token for a new access token without any additional authorize calls. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.