This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community

Plugin credentials expiry reminder for OAuth enabled plugins.

Status: In the Backlog Submitted by Level 2 on โ€Ž07-30-2021 10:25 PM

We often have users who have acquired credentials (Profile & settings > Credentials) for OAuth preset in SharePoint plugin come to us saying that they were able to use the plugin yesterday but not able to use it today and they are getting authentication failed error.

Could we have a reminder set 5 days prior to the expiry date that they should soon renew their credentials? Also, mention this in the SharePoint plugin document, perhaps!

Comment
1 Comment
fsergot
Dataiker
โ€Ž08-02-2021 04:31 PM

Hello,

Despite the usage issue, there is a difficulty in there.

Without entering too much into the details of OAuth, let me explain a bit the process here.

We have 2 tokens, the access tokens (the one we use to actually make the call to Sharepoint or any other service) and the refresh token (that allows to get newer access tokens when they expire). Access tokens are usually short-lived, typically 1 hour whereas refresh tokens are long lived, like 30 days.

When the access token expires, DSS manages automatically its renewal (using the long-lived refresh token).

However, the refresh token also expires, and this is what is probably happening here. In order to renew a refresh token, the OAuth protocol mandates to re-ask for authentication, hence the need for the user to go on its profile and redo the process.

Unfortunately, there is nothing defined in the OAuth protocol to retrieve the expiration time of the refresh token. Some providers gives its expiration time when it is given, some do not...

So, in the end, I do not see a reliable mechanism to anticipate when the connection will stop working and force the user to re-authenticate.

โ€Ž08-02-2021 04:31 PM
Status changed to: In the Backlog

Hello,

Despite the usage issue, there is a difficulty in there.

Without entering too much into the details of OAuth, let me explain a bit the process here.

We have 2 tokens, the access tokens (the one we use to actually make the call to Sharepoint or any other service) and the refresh token (that allows to get newer access tokens when they expire). Access tokens are usually short-lived, typically 1 hour whereas refresh tokens are long lived, like 30 days.

When the access token expires, DSS manages automatically its renewal (using the long-lived refresh token).

However, the refresh token also expires, and this is what is probably happening here. In order to renew a refresh token, the OAuth protocol mandates to re-ask for authentication, hence the need for the user to go on its profile and redo the process.

Unfortunately, there is nothing defined in the OAuth protocol to retrieve the expiration time of the refresh token. Some providers gives its expiration time when it is given, some do not...

So, in the end, I do not see a reliable mechanism to anticipate when the connection will stop working and force the user to re-authenticate.

Labels

?
Labels (1)