[OSM-dev] oauth token validity
Matt Amos
zerebubuth at gmail.com
Tue Sep 1 01:00:03 BST 2009
On 8/31/09, Etienne Chové <chove at crans.org> wrote:
> Hi,
>
> I'm trying to implement oauth on my online application. It works (using
> the dev server) and I can get request token, authorize it, get access
> token and modify data.
>
> My question are on access token expiration :
> - how to know when a token will expire ?
currently tokens do not expire unless manually revoked by the user.
there is talk of adding a feature for app developers to set an expiry
time, but it has not been implemented.
> - does user activity change expiration time for the token ?
no.
> - how to know what a token is allowed to access/modify ?
when you set up your app you ask for certain permissions. the user can
grant some, but not necessarily all, of these. when you make requests
to a URL which isn't permitted, you will get a forbidden response with
the error text "OAuth token doesn't have that capability."
> - how to know if a token still active ?
make a request. if it doesn't work, the token has been revoked or
never had that permission. forward the user to a page where they can
set it up ;-)
> Sorry for my bad skills, I discovered oauth this morning.
no problem - the more the merrier :-)
cheers,
matt
More information about the dev
mailing list