ubuntu-phone team mailing list archive

[Robert Schroll <rschroll@xxxxxxxxx>]

Hi all,

I'm completely confused about how I should handle authentication over 
the life of my scope.  I'll try to explain my specific problems below, 
but if you think it's best to ignore those and give me an overview of 
the recommended approach, that'd be great too.

My scope [1] uses Google oauth2 for authentication, and can't do 
anything meaningful without it.  I followed the example from the API 
documentation and authenticate in the Query::run() function.  I store 
the key for later use, as I hit the Google servers from other places 
from the code.

This works fine for a while, but if the scope is open for long enough, 
eventually Google will reply with a 401 Invalid Credentials response.  
I assume there's only a limited validity to the key I get.  I could 
detect this response and then re-run the authentication, but

1) It'd be better to know that the key was expired before hand.  Is 
there any way to know this?

2) The logical place to put this check would be inside my get() method, 
my post(), method and my batch() method.  But this is already getting 
redundant, and I'm not sure what to do when authentication fails.  
Right now, the check is in the Query::run(), so I can run 
oa_client.register_account_login_item().  Is it better to handle the 
oa_client close to the network or close to the UI?

I've also heard that scope needs to handle being killed at arbitrary 
times, which presumably means it may start up in an arbitrary state.  
(I think this is suppressed when running from Qt Creator, right?)  This 
complicates the issue further, since now I have to guard each API 
access against authentication, not just the "first" in the standard 
workflow.  (This may make worries about expiring keys moot, though.)  
How to do you handle authentication failures that could occur anywhere? 
Are there best practices documented somewhere, or am I on my own?

Thanks,
Robert

[1] https://github.com/rschroll/gmail-scope