ruby on rails - Doorkeeper refresh token and concurrency -


in current implementation of doorkeeper, when access_token refreshed doorkeeper sends new refresh_token.this valid implementation becomes problematic when there concurrent apis calls client side (ios, android) calling refresh access token @ same time. means there @ least 1 thread ending expired tokens cant refresh.

anyone has solution race condition?

we've solved before (not doorkeeper) couple of different ways.

request queue:

on our mobile apps we've implemented request queue, , before request made check if token needs refreshed pause queue, refresh token, unpause again. no changes server required in case

this has tradeoffs (you need sync request threads etc), pretty reliable @ stopping refresh contention without needing modify server.

refresh jitter , jwt:

since using jwt (where access_token expiry written token , not revoked @ server end), can add random number of "jitter seconds" refresh expiry each time check. decreases likelihood of 2 requests trying refresh @ same time. used in angularjs app confused several tabs open. there random chance 1 tab refresh before rest, while rest continue use existing access_token until new 1 returned , updated.

this work without jwt if can manage access_tokens stay valid when corresponding refresh token used, allow 'other' requests continue use 'old' token until next time.

it's not entirely foolproof, reduced likelihood enough happy it.

expiry buffers tokens:

the last way when refresh executed, don't expire token few seconds later 'concurrent' threads new token returned. easy enough when i'd written server component scratch, might not easy doorkeeper. think you'd more milage other 2 approaches.


-

Comments

Post a Comment

Popular posts from this blog

c# - Binding a comma separated list to a List<int> in asp.net web api -

the default binder in web api expecst http://url.com/webapi/report/?pageids=3243&pageids=2365 to bind public ihttpactionresult report(list<int> pageids){ // exciting webapi code} i wish bind http://url.com/webapi/report/?pageids=3243,2365 as running out of space in url get . i have created class public class commaseparatedmodelbinder : system.web.http.modelbinding.imodelbinder { public bool bindmodel(httpactioncontext actioncontext, modelbindingcontext bindingcontext) { //binding in here } } and registered in webapiconfig.cs var provider = new simplemodelbinderprovider( typeof(list<int>), new commaseparatedmodelbinder()); config.services.insert(typeof(modelbinderprovider), 0, provider); i have altered method signature use model binder so public ihttpactionresult report( [modelbinder] list<int> pageids){ // exciting webapi code} however break point in binder not being
Read more

Delphi 7 and decode UTF-8 base64 -

in delphi 7, have widestring encoded base64(that received web service widestring result) : pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg== when decoded it, result not utf-8: <?xml version="1.0"?> <string>طھط³طھ</string> but when decoded base64decode.org, result true : <?xml version="1.0"?> <string>تست</string> i have use encddecd unit decodestring function. the problem have using decodestring . function, in delphi 7, treats decoded binary data being ansi encoded. , problem text utf-8 encoded. to continue encddecd unit have couple of options. can switch decodestream . instance, code produce utf-8 encoded text file data: {$apptype console} uses classes, encddecd; const data = 'pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg=='; var input: tstringstream; output: tfilestream; begin input := tstringstream.create(data); try output := tfilestream.
Read more

html - Is there any way to exclude a single element from the style? (Bootstrap) -

so, have img logo, overlaid on div styled background-image: url("...") , , both elements inside 2 div classes .to-color , .to-overlay respectively, black transparent overlay. is there way exclude logo style given these 2 classes? here's jsfiddle example: link html , css example: - html - <div class="to-color"> <div class="to-overlay"> <div class="respo"> <div class="row"> <div class="col-xs-4 col-xs-offset-4 text-center"> <img src="http://ansonalex.com/wp-content/uploads/2011/06/google-logo-768x260.png" alt="..." class="img-responsive"> </div> </div> </div> </div> </div> - css - .to-color { background-color: #000; } .to-overlay { opacity : 0.5; } .respo { background-image: url("https://source.unsplash.com/category/objects/1600x900"); background-position: center center;
Read more