auth

Paddy 2015-01-18 Parent:e000b1c24fc0 Child:b714af0578dc

125:dcd2125c4f57 Go to Latest

auth/token_test.go

Remove refresh token expiration, update implicit token. Refresh tokens no longer expire, because they're supposed to be long-lived, and we have no way to communicate to the user exactly how long-lived they are. Instead, they are invalidated after a single use, which should prevent too much abuse. It gives them an effective lifespan of "default token expiration, or until used", which I think is Good Enough. Also updated our implicit token to set the CreatedFrom to "implicit" and the ClientID to the client ID, which is important, I guess. It's really annoying that we have that logic in two different places.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/token_test.go	Sun Jan 18 05:03:17 2015 -0500
     1.2 +++ b/token_test.go	Sun Jan 18 05:08:18 2015 -0500
     1.3 @@ -25,9 +25,6 @@
     1.4  	if token1.ExpiresIn != token2.ExpiresIn {
     1.5  		return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
     1.6  	}
     1.7 -	if token1.RefreshExpiresIn != token2.RefreshExpiresIn {
     1.8 -		return false, "refresh expires in", token1.RefreshExpiresIn, token2.RefreshExpiresIn
     1.9 -	}
    1.10  	if token1.TokenType != token2.TokenType {
    1.11  		return false, "token type", token1.TokenType, token2.TokenType
    1.12  	}