-
Notifications
You must be signed in to change notification settings - Fork 449
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implemented refresh tokens #165
Implemented refresh tokens #165
Conversation
@iulianav thank you so much for sending this PR 🎉 I might have to study a little bit to understand how it works and review it properly, but from what I've seen in your PR your work seems to make a lot of sense 😄 Regarding testing do you need help testing the API itself (1)? Or just writing tests for it (2)?
Let me know if you have any question. |
4ffc68e
to
88d1445
Compare
@isabelcosta Thank you! I have already written some tests (2), but not sure about the location! At first, I wanted to add them to test_api_login.py, but then I added them in the end to test_api_authentication.py because the class was called I also played with (1) and it seemed fine. I will test it more tho! |
@iulianav Regarding written tests: I think it is better to create a separate file dedicated to your new API /refresh tests There are some tests that may not be well separated, because when I did them I was still learning how to implement tests and make the project "modular". |
@iulianav I will edit te PR description to have |
88d1445
to
d1e2e36
Compare
@isabelcosta great! I amended the commit following some API testing (1) and your suggestions. I believe everything will work as expected hopefully! :) |
d1e2e36
to
db5b9f3
Compare
@ramitsawhney27 , @m-murad can you take a look at this? I understand a bit of this feature, but I need more eyes on this just to be sure it does what is supposed to. |
@@ -154,7 +155,14 @@ def add_models_to_namespace(api_namespace): | |||
|
|||
login_response_body_model = Model('Login response data model', { | |||
'access_token': fields.String(required=True, description='User\'s access token'), | |||
'expiry': fields.Float(required=True, description='Access token expiry UNIX timestamp') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this could remain still on this PR, until the android app is refactored to not use expiry, I'm not sure now, I think expiry
is not used for anything on systers/mentorship-android if this is true than this can be removed :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@isabelcosta i will leave it for now and add a TODO comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work @iulianav with this PR!
I just need you to fix merge conflicts and then squash commits
You definitely followed the community guidelines here 🎉
I just need at least one more review from maintainers here.
@isabelcosta thank you alot! |
Addresses anitab-org#160 Access tokens expire and require the user to login again in order to receive a new one. With the use of refresh tokens, the user can request from the auth server new access tokens without having to logout and login again. Moreover, the life of a refresh token is much longer, but for this reason they need to be stored very securely. Signed-off-by: Iuliana Voinea <iulianavoinea96@gmail.com>
db5b9f3
to
8e58691
Compare
login_response_body_model = Model('Login response data model', { | ||
'access_token': fields.String(required=True, description='User\'s access token'), | ||
'expiry': fields.Float(required=True, description='Access token expiry UNIX timestamp') | ||
'expiry': fields.Float(required=True, description='Access token expiry UNIX timestamp'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@isabelcosta i kept it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool ;) it can be removed later @iulianav
Description
Access tokens expire and require the user to login again in order to receive a new one. With the use of refresh tokens, the user can request from the auth server new access tokens without having to logout and login again. Moreover, the life of a refresh token is much longer, but for this reason they need to be stored very securely.
Fixes #160
Type of Change:
Code/Quality Assurance Only
How Has This Been Tested?
I have not tested it properly yet.
Checklist:
Code/Quality Assurance Only