Google and OAuth 2.0

Ben Bucksch ben.bucksch at beonex.com
Tue Apr 29 16:36:57 UTC 2014


Patrick Cloke wrote, On 29.04.2014 18:23:
>
>     If tokens can expire and be refreshed by Lightning without (!)
>     user interaction, I don't know how that would work. Can you
>     expand, please?
>
>
> This doesn't seem right, I "frequently" (I hesitate to give a time 
> frame, but probably once every couple of weeks) have a Window pop up 
> asking if I want to allow Lightning to access my calendar.  (It also 
> pops up individually for every calendar I have, even when they're all 
> with the same account, and they all pop up at once.) I'm unsure if 
> this is a bug or not.

(Thanks for the info!)

Yup. That's the token expiry. "A few weeks" is a common expiry time for 
"long" sessions.

This is exactly the kind of interaction that I find user-hostile and I 
do not want to be standard experience for reading email.

It requires the app to have a web browser ready at *any moment*, which 
cements the dependency. It totally destroys non-interactive processes - 
worse: they silently break after a long time, after (!) you tested them 
and assume they work.

Even more so if answering the auth window might involve getting my 
mobile phone. Which I often do not have available at all when I work. I 
can't do that even to make a bank transfer of thousands of dollars, much 
less just to read email.

In theoretical terms, these are 2 "media breaks": Email app to web 
browser, and web browser to physical phone. Since we introduced 
computers, I've always been fighting media breaks, usually between paper 
and computer.

Ben



More information about the tb-planning mailing list