Allow for "unmanaged" UserSessions where tokens are not checked for expiration
See original GitHub issueThe authentication
prop is required in both IAddItemDataOptions
and IUpdateItemOptions
which means that a UserSession
has to be passed in.
This is not ideal in a server-side environment where only a token is available but not a UserSession
.
Would it be possible to change those two types so that authentication
is optional and instead a token can be passed in through params
?
In applyEdits
for example, authentication
is also not required and a token can be passed through directly via:
params: {
token: 'token'
}
There it seems to be handled just fine. Maybe we could change addItemData
and updateItem
to be similar?
Let me know if I should make a PR.
Issue Analytics
- State:
- Created 4 years ago
- Comments:14 (14 by maintainers)
Top Results From Across the Web
Conditional Access: Session - Azure Active Directory
Azure AD Conditional Access allows you to enforce access controls on your organization's apps based on certain conditions. The conditions define ...
Read more >Token expiration and revocation - GitHub Docs
When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is...
Read more >OAuth Token Value does not change after Expiration
In scenarios where an expired access token appears to be reused with no active session apparently used, the user's login history should be...
Read more >Set ChromeOS device policies - Chrome Enterprise and ...
Sign in using your administrator account (does not end in @gmail.com). From the Admin console Home page, go to Devices and then Chrome....
Read more >Configure Refresh Token Expiration - Auth0
Enable Inactivity Expiration. When enabled, a refresh token will expire based on a specified inactivity lifetime, after which the token can no longer...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
In a call today, @patrickarlt suggested that we should instead have
IRequestOptions
haveauthentication: IAuthenticationManager | string
, and w/inrequest()
, we’d check to see iftypeof authentication === 'string'
and if so we just assume you know what you’re doing and we assume it’s a valid token.The more I think about this the more I like just allowing
token
without any other properties.It would be pretty simple to add a case for this. I think we need to make
determineOwner
fetch theusername
from the portal if it is undefined. or possibly add a function toUserSession
to fetch the username and cache it since theusername
for a giventoken
will never change. I’ll make a separate issue for this.Assigning this to myself.