
Thread: oAuth immediate mode

  1. #1

    oAuth immediate mode

    We are building a web application that frequently uploads data to cloud storage of a user. This application does not have a backend and thus we have to use the "Browser oAuth Flow" aka the "Implicit Flow" to connect to user storage. Bearer tokens obtained in this way expire hourly so we'd have to ask the user again and again for authorization.

    Here is my feature request:
    Implement an immediate mode similar to the one implemented by google or dropbox. This would allow us to "refresh" the bearer token if the user has an authorized session with the respective storage provider.
    Actually this behavior is the default with the aforementioned providers. Dropbox has a parameter called force_reapprove, gdrive uses a parameter called prompt.

    Best regards
    Stefan

  2. #2
    HiDrive Development
    Hi Stefan.

    Thank you for the feature request. We are aware that, currently, HiDrive does not offer a streamlined way to authenticate JavaScript client-side apps. Back when we implemented OAuth2, we made a conscious choice weighing security vs. convenience on the one hand and expected usage patterns on the other hand and thus decided to leave the implicit flow and device flow for later.

    We understand that offering this flow would enhance the user experience and will discuss the issue in the team. Implementing this flow will require internal changes, so even if we decide to go forward this will take a bit of time.

    Best wishes
    Cornelius

    P.S. for clarification: The implicit flow is indeed offered, but there is no persistence of the user's authorization decision at the authorization server because the authorization server currently does not maintain a session with the browser by using cookies and/or local storage.
    Last edited by cornelius; 2016-04-04 at 05:33 PM.
    --
    Cornelius Bartke, STRATO HiDrive, Development
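
The immediate-mode renewal discussed in this thread, as an added example (not code from either poster and not HiDrive's API): the client requests a token with the `prompt=none` convention used by Google/OpenID Connect, then validates the fragment it gets back. The endpoint, client ID, redirect URI and function names are placeholders chosen for illustration.

```javascript
// Placeholder endpoint (assumption); substitute the provider's real authorize URL.
const AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize";

// Unguessable per-request value that binds the response to this browser session.
function newState() {
  const bytes = new Uint8Array(16);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Implicit-flow request that must not show any UI: the server either answers
// from its existing session with the browser or returns an error.
function buildSilentAuthUrl({ clientId, redirectUri, scope, state }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Parse the redirect fragment. The state check comes first so that a response
// not tied to our own request is rejected before any token is read.
function parseSilentResponse(redirectedUrl, expectedState, now = Date.now()) {
  const p = new URLSearchParams(new URL(redirectedUrl).hash.slice(1));
  if (!expectedState || p.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  const error = p.get("error");
  if (error) {
    // These OpenID Connect error codes mean no usable session or consent
    // exists, so the app has to fall back to a visible authorization prompt.
    const needsInteractiveLogin =
      ["login_required", "consent_required", "interaction_required"].includes(error);
    return { ok: false, reason: error, needsInteractiveLogin };
  }
  const accessToken = p.get("access_token");
  const expiresIn = Number(p.get("expires_in"));
  const isBearer = (p.get("token_type") || "").toLowerCase() === "bearer";
  if (!accessToken || !isBearer || !(expiresIn > 0)) {
    return { ok: false, reason: "malformed_response" };
  }
  return { ok: true, accessToken, expiresAt: now + expiresIn * 1000 };
}
```

As the P.S. above explains, this only works when the authorization server keeps a session with the browser; without one, every silent request ends in the error branch.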
