The best practice here is to have a javascript timer on the container side periodically talk to the server to fetch new security tokens. The auth-refresh feature is then used to distribute the security tokens to gadgets.
I don't see any reason that gadget authors should need to think about the security token expiring, it's probably a bug if they need to worry about it. On-demand checking of whether a security token has expired (either in container or gadget) is probably hard to implement, I don't suggest that route. On Mon, Apr 20, 2009 at 10:20 AM, Taylor Singletary <tsinglet...@linkedin.com> wrote: > Hi All, > > I¹m wondering on the best way to implement auth-refresh feature > functionality. From the examples I¹ve seen in SHINDIG-655 ( > https://issues.apache.org/jira/browse/SHINDIG-655?page=com.atlassian.jira.pl > ugin.ext.subversion%3Asubversion-commits-tabpanel ), I¹m still a bit unclear > as to practical use case scenarios, as well as how to setup tests for this. > > Here are the use cases I¹m wondering about: > > 1. Container wants to refresh the security token on demand, whenever the > security token has expired. Does this mean that we should a) add Javascript > code before a security-token requiring function is executing to determine if > the token has expired and then call the RPC function to update the token > transparently to the gadget developer, b) this is already wired in when the > feature is required (from code I¹ve seen, this would not be the case). > 2. Gadget developer wants to refresh the security token on demand, usually > before the original token has expired, through a javascript timeout > function. > > If a gadget was wanting to make use of this feature, would this be the > proper way to invoke it? > > var currentToken = ""; > > function refreshAuthToken() { > setOriginalToken(); > gadgets.rpc.call(null, "update_security_token", > checkSecurityToken, null); > }; > > function getSecurityToken() { > return shindig.auth.getSecurityToken(); > }; > > function setOriginalToken() { > currentToken = getSecurityToken(); > }; > > function checkSecurityToken(new_token) { > console.warn("Should have a new token."); > console.warn("Original Token: " + currentToken); > console.warn("New token: " + getSecurityToken() ); > }; > > Thanks, > Taylor >
