Google and OAuth 2.0
ben.bucksch at beonex.com
Tue Apr 29 16:17:24 UTC 2014
neandr at gmx.de wrote, On 28.04.2014 20:10:
> Lightning hides that process from the user.
> That access key will be used to generate a token to work with your
> mail/calendar. That token will expire after a certain time and your
> application (mail/calendar) needs to generate a new token. Normally
> the user should not notice about that for any session.
Expiry indeed is a core problem. One-time setup - if it's really once
and then never again - can be handled differently than something that
can up at any random time.
How does that process work? All readable documentation I found about
OAuth speaks about webpages. That is: not HTTP URLs, but random HTML
served by Google, containing arbitrary challenges to the end user (e.g.
enter phone number, Google sending a code there, enter that code) that
only the allowed human can fulfill.
If tokens can expire and be refreshed by Lightning without (!) user
interaction, I don't know how that would work. Can you expand, please?
More information about the tb-planning