Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow for "unmanaged" UserSessions where tokens are not checked for expiration

See original GitHub issue

The authentication prop is required in both IAddItemDataOptions and IUpdateItemOptions which means that a UserSession has to be passed in.

This is not ideal in a server-side environment where only a token is available but not a UserSession. Would it be possible to change those two types so that authentication is optional and instead a token can be passed in through params?

In applyEdits for example, authentication is also not required and a token can be passed through directly via:

params: {
  token: 'token'
}

There it seems to be handled just fine. Maybe we could change addItemData and updateItem to be similar?

Let me know if I should make a PR.

Issue Analytics

State:
Created 4 years ago
Comments:14 (14 by maintainers)

Top GitHub Comments

3reactions

tomwaysoncommented, Jun 10, 2021

In a call today, @patrickarlt suggested that we should instead have IRequestOptions have authentication: IAuthenticationManager | string, and w/in request(), we’d check to see if typeof authentication === 'string' and if so we just assume you know what you’re doing and we assume it’s a valid token.

2reactions

patrickarltcommented, Mar 16, 2020

The more I think about this the more I like just allowing token without any other properties.

import { UserSession } from "@esri/arcgis-rest-auth";
import { updateItem } from "@esri/arcgis-rest-portal";

updateItem({
  item: {
    id: "3ef...",
    description: "A three hour tour"
  },
  authentication: new UserSession({
    token: "YOUR_TOKEN" // just assume this isn't expired...
  })
})

It would be pretty simple to add a case for this. I think we need to make determineOwner fetch the username from the portal if it is undefined. or possibly add a function to UserSession to fetch the username and cache it since the username for a given token will never change. I’ll make a separate issue for this.

Assigning this to myself.

Top Results From Across the Web

Conditional Access: Session - Azure Active Directory

Azure AD Conditional Access allows you to enforce access controls on your organization's apps based on certain conditions. The conditions define ...

Token expiration and revocation - GitHub Docs

When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is...

OAuth Token Value does not change after Expiration

In scenarios where an expired access token appears to be reused with no active session apparently used, the user's login history should be...

Set ChromeOS device policies - Chrome Enterprise and ...

Sign in using your administrator account (does not end in @gmail.com). From the Admin console Home page, go to Devices and then Chrome....

Configure Refresh Token Expiration - Auth0

Enable Inactivity Expiration. When enabled, a refresh token will expire based on a specified inactivity lifetime, after which the token can no longer...