How do I recognise an invalid access token from chrome.identity.getAuthToken()?

smitten

Nov 12, 2013, 6:53:53 AM
to chromium-...@chromium.org
The onInstall hook for my extension calls chrome.identity.getAuthToken(). If this is the first time I've run the app, all works OK.

The issue I have is that during testing, I am revoking access and then re-installing the extension. In this scenario, getAuthToken() is returning the cached, invalid token. Some time later, my extension is failing 401 when I try to use the extension. What I want to do is to detect that the extension has come from the cache, and immediately remove it so I can do the auth dialogue. If I could access the token expiration time, I could deduce its validity, but afaik, the expiration time isn't visible.

Any suggestions on how to code around this?


Michael Courage

Nov 12, 2013, 12:44:58 PM
to smitten, Chromium-extensions
The token cache automatically removes expired tokens, so you should never get an expired token from getAuthToken. If the tokens are actually getting revoked, the only way to know is when you get back a 401 from an API call. When you do get a 401 on an API call, you can call chrome.identity.removeCachedAuthToken to flush the token from the cache before you call getAuthToken again. See, for example, the xhrWithAuth function in the Identity API sample.

Chrome isn't informed when tokens get revoked on the server side, so there's no way for it to tell your app that the revocation happened.

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/770d7f25-72cd-4e1b-862e-467eb64d9054%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/groups/opt_out.
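
The 401 handling described in the reply above, as an added example that is not part of the original thread and is not the Identity API sample's xhrWithAuth. The `fetchWithAuth` name and the injectable `deps` object (`identity`, `fetchImpl`, `interactive`) are assumptions made here so the logic can run outside a browser; inside an extension, omit `deps` and the real `chrome.identity` and `fetch` are used.

```javascript
// Added example: retry once on 401 after flushing the rejected token.
// Promise wrapper around the callback form of chrome.identity.getAuthToken.
function getToken(identity, interactive) {
  return new Promise((resolve, reject) => {
    identity.getAuthToken({ interactive }, (token) => {
      // On failure Chrome passes no token and sets chrome.runtime.lastError.
      const err = globalThis.chrome?.runtime?.lastError;
      if (token) resolve(token);
      else reject(new Error(err?.message || "getAuthToken returned no token"));
    });
  });
}

// Promise wrapper around chrome.identity.removeCachedAuthToken.
function dropToken(identity, token) {
  return new Promise((resolve) =>
    identity.removeCachedAuthToken({ token }, () => resolve()));
}

// deps is hypothetical plumbing for testing, not part of the Chrome API.
async function fetchWithAuth(url, options = {}, deps = {}) {
  const identity = deps.identity ?? globalThis.chrome?.identity;
  const fetchImpl = deps.fetchImpl ?? globalThis.fetch;
  const interactive = deps.interactive ?? false;

  let response;
  for (let attempt = 0; attempt < 2; attempt++) {
    const token = await getToken(identity, interactive);
    response = await fetchImpl(url, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${token}` },
    });
    if (response.status !== 401) break;
    // 401: the server no longer accepts this token (for example, it was
    // revoked). Chrome is not told about revocations, so flush the token
    // from the cache; the next getAuthToken call then has to obtain a new
    // one instead of replaying the cached value.
    await dropToken(identity, token);
  }
  // Either a non-401 response, or the second 401 in a row. In the latter
  // case the cache holds no rejected token and the caller decides what to
  // do next (for example, ask again with interactive: true).
  return response;
}
```
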

smitten

Nov 12, 2013, 12:52:17 PM
to chromium-...@chromium.org, smitten, cou...@chromium.org
Thx Michael. I was afraid that was the case. There is no way to access the expiration time of the token?



Michael Courage

Nov 12, 2013, 1:24:24 PM
to smitten, Chromium-extensions, Michael Courage
What are you trying to do that requires the expiration time specifically? The reason the expiration time is not available in the chrome.identity API is that it's better to have a single implementation of the caching and expiration logic, and that logic already exists inside getAuthToken. However, if there's something that can't be accomplished with the current API, I'd like to understand it.

It sounds like you might be trying to test your install code, which normally wouldn't receive a cached token. You can do this by manually removing the token from the cache using chrome://identity-internals/. The token cache is not persisted, so you could also restart Chrome between runs to achieve the same thing.

If there really is some reason you must know the expiration time, you can ask the server side: https://www.googleapis.com/oauth2/v2/tokeninfo?access_token=<token>. 

Roy Smith

Nov 12, 2013, 2:01:11 PM
to Michael Courage, Chromium-extensions
It's a bit of an edge case, so unlikely in the wild, but crops up frequently during testing. As I'm testing onboarding a new user, I revoke the authorization between test runs. This means I have a cached invalid token. When the extension is installed, it does an initial token request. If I could see the expiration time, I would know if this was a fresh (and hence valid) token, or an old (and hence invalid) token. If it was easy to do, I would add code to deal with that scenario. Since it isn't, I'll just leave it and wait for a 401. 

Michael Courage

Nov 12, 2013, 2:16:07 PM
to Roy Smith, Michael Courage, Chromium-extensions
Thanks for the explanation. Since revocations and expiration time are not related, I think your planned implementation (handling 401s) is the best way to go. 

kittensninja

Oct 21, 2018, 3:36:15 PM
to Chromium Extensions, roy.sm...@gmail.com, cou...@chromium.org
You stated below that I should never get an expired token from getAuthToken, but all I have been getting is undefined. getAuthToken doesn't seem to fetch a new token for me at all. It works with interactive: true, but not with interactive: false. Any help would be greatly appreciated.

Below is my version of Chrome. Any help is very much appreciated.

Chrome Version: 
Version 70.0.3538.67 (Official Build) (64-bit)
