Reimplement refresh token flow #75
Conversation
|
Note: We need to add |
|
I can add the scope. I want to make sure we understand what will happen there, because all users will have to re-grant authorization permission to the client once the scope is added, since the authorization is on a per scope basis. I think the worst that will happen is that some people might need to close and reopen tableau - but I'm not sure what they will see to let them know that's what's going on. |
src/TableauConnector.js
Outdated
| @@ -75,12 +75,12 @@ class TableauConnector { | |||
| tableau.registerConnector(this.connector) | |||
| } | |||
|
|
|||
| authenticate () { | |||
| async authenticate () { | |||
There was a problem hiding this comment.
I think this can be removed, as there is no accompanying await statement.
|
@andela-Kshittu Can you give me a little bit more background on this solution? I remember there being some reason why we could only store one token (because of the password field required by Tableau) and that we decided to store the refresh token instead of the access token so that we could appropriately request a new token rather than letting the access token expire, leaving the user in a bad state because Tableau doesn't correctly kick you out to the auth flow when your token expires. It looks to me like we are only holding on to the refresh token in this implementation. Does that mean that we are doing some sort of token exchange for the access token on each call to the API, or is that exchange only happening once while the access token is not expired? @tle had some concerns about this option if the implementation is such that we are making frequent exchanges of refresh tokens for access tokens. |
|
@lydiaguarino Yes, we are doing a token exchange for the access token on each call to the API and we decided to go that route for us to be able to support scheduled refreshes on Tableau Server. |
The additional scope (user_api_offline) will appear in the UI during authorization flow.
|
No description provided.