Hi Gabriel, The auth-refresh feature just registers a gadgets.rpc endpoint which you can call from the container side to update the gadget security token -- but it's up to you in your container implementation to actually maintain the tokens in the first place. The auth-refresh feature just gives you a hook to inject the updated token back into the gadget once you have it.
I think there may be an implementation of the container side code required to maintain security tokens in the common container feature, but I haven't really spent any time digging into the common container yet so I'm not sure if that piece is complete or not. But we have implemented this in our own container, and our implementation goes something like this: -- When the page initializes, a javascript object representing each gadget on the page is created and stored for later use. -- We use setInterval to schedule code to run every X minutes that is responsible for refreshing the security tokens. -- When the refresh code runs, we enumerate all the gadgets on the page collecting up their (still current) security tokens and then send them off to a custom restful service which sends back updated versions of them. -- We enumerate the updated tokens and distribute them back to each gadget using gadgets.rpc.call and the "update_security_token" handler registered on the gadget side through the inclusion of the auth-refresh feature. Hope that helps! --Jesse -----Original Message----- From: Gabriel Guardincerri [mailto:[email protected]] Sent: Monday, December 20, 2010 12:56 PM To: [email protected] Subject: Re: Is there a way to automatically update the security token to avoid expiration great, do you know how to enable that? Will it refresh the whole gadget or just the security token? I mean, if the user modified something in the gadget, will he/she still see that change after that auto-refresh? Thanks, Gabriel On Mon, Dec 20, 2010 at 8:40 AM, Paul Lindner <[email protected]> wrote: > There's an auth-refresh feature that you can force as default for > gadgets. It works by piggybacking a new security token on gadgets.io > requests. > > On Fri, Dec 17, 2010 at 12:01 PM, Gabriel Guardincerri > <[email protected]> wrote: > > I forgot to add the error: > > > > HTTP Status 401 - Malformed security token > > > default:dJnVqUV6qogiu_uAHZBTvccDdmUDerwbkKxc1-WegpyBLzpI9uz6P8NTF66SJ1kq94wzkYdiFHEaHXGFk7BGQ7A97mMtUqWGCyyk4s5bqCOes7Oh6EkPcPGUUFVPLu5UCbLEd7LIR08PRnIoaHGiaUrCUdPPw-x_UCcVJGz_IL4n2s2tKtJyIzZPba0mnAsUHwUH4fYsmUAuup58Xye3-FEKolHjSsO2Xro9bX_LtALzvY5Yorg.apache.shindig.common.crypto.BlobExpiredException: > > Blob expired, was valid from Mon Nov 22 20:56:50 PST 2010 to Mon Nov 22 > > 22:02:50 PST 2010, attempted use at Mon Nov 22 22:07:02 PST 2010 > > > > On Fri, Dec 17, 2010 at 9:52 AM, Gabriel Guardincerri < > [email protected]>wrote: > > > >> Hi, > >> > >> We are using "BlobCrypterSecurityToken" and that generates security > tokens > >> that expire after 1 hour. After that time the app/gadget brakes and > returns > >> a 401 ugly error. So I was wondering if there's a way to automatically > >> refresh that token before it expires to avoid that error and keep the > >> app/gadget working. > >> > >> Thanks, > >> > >> Gabriel > >> > > > > > > -- > Paul Lindner -- [email protected] -- linkedin.com/in/plindner >
