Google and OAuth 2.0
ben.bucksch at beonex.com
Tue Apr 29 16:36:57 UTC 2014
Patrick Cloke wrote, On 29.04.2014 18:23:
> If tokens can expire and be refreshed by Lightning without (!)
> user interaction, I don't know how that would work. Can you
> expand, please?
> This doesn't seem right, I "frequently" (I hesitate to give a time
> frame, but probably once every couple of weeks) have a Window pop up
> asking if I want to allow Lightning to access my calendar. (It also
> pops up individually for every calendar I have, even when they're all
> with the same account, and they all pop up at once.) I'm unsure if
> this is a bug or not.
(Thanks for the info!)
Yup. That's the token expiry. "A few weeks" is a common expiry time for
This is exactly the kind of interaction that I find user-hostile and I
do not want to be standard experience for reading email.
It requires the app to have a web browser ready at *any moment*, which
cements the dependency. It totally destroys non-interactive processes -
worse: they silently break after a long time, after (!) you tested them
and assume they work.
Even more so if answering the auth window might involve getting my
mobile phone. Which I often do not have available at all when I work. I
can't do that even to make a bank transfer of thousands of dollars, much
less just to read email.
In theoretical terms, these are 2 "media breaks": Email app to web
browser, and web browser to physical phone. Since we introduced
computers, I've always been fighting media breaks, usually between paper
More information about the tb-planning