Bug #82554 for Net-OAuth2: Serializing and restoring Net::OAuth2::AccessToken objects

Tue Jan 08 00:44:18 2013 shmuelfomberg [...] gmail.com - Ticket created

Subject:

Serializing and restoring Net::OAuth2::AccessToken objects

Hello there. Thanks for the new version of Net::OAuth2! A quick question: Net::OAuth2::AccessToken have a method "to_string". but it does not have a "from_string" method. Access tokens are always being stored and retrieved. And OAuth2's tokens are more complicated then OAuth1's tokens - there are refresh tokens and expiring and auto-refresh and such. For now I'm going to use Storable to store them, but I think that the module really needs a safe way to freeze and thew these tokens. Thanks, Shmuel.

Tue Jan 08 03:00:33 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Tue, 8 Jan 2013 09:00:13 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130108 05:44]: Show quoted text

> Tue Jan 08 00:44:18 2013: Request 82554 was acted upon. > Transaction: Ticket created by SEMUELF > Queue: Net-OAuth2 > Subject: Serializing and restoring Net::OAuth2::AccessToken objects > Broken in: 0.50 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 > > > > Thanks for the new version of Net::OAuth2!

Wow, I took over this module yesterday, and immediately get a bug report. Great! (I sincerely mean this the positive way: I like my modules to be used) Show quoted text

> A quick question: Net::OAuth2::AccessToken have a method "to_string". > but it does not have a "from_string" method. > > For now I'm going to use Storable to store them, but I think that the > module really needs a safe way to freeze and thew these tokens.

Very true... I was planning to work on that today. v0.50 is a full rework of v0.07, but does not add much. I hope I did not introduce too many new issues :( But they will get solved the same day, promise. IMO, to_string() is OK for debugging but nothing more. There needs to be some session save/freeze which is better. As complication, everyone stores sessions differently: json files, databases, storable, ... so: The new freeze should not enforce a solution, just provide a full overview of session details into a HASH. The matching thaw must be able to revive that. If like to get suggestions for that interface. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Tue Jan 08 03:00:33 2013 The RT System itself - Status changed from 'new' to 'open'

Tue Jan 08 03:44:12 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> > Thanks for the new version of Net::OAuth2!

> > Wow, I took over this module yesterday, and immediately get a bug > report. Great! (I sincerely mean this the positive way: I like my > modules to be used)

Heh, imagine my surprise that the module that I read the docs, downloaded and commited to the resp, suddenly get replaced with a new version, from a new author. Had a few confused moments... :-) Show quoted text

> > A quick question: Net::OAuth2::AccessToken have a method "to_string". > > but it does not have a "from_string" method. > > > > For now I'm going to use Storable to store them, but I think that the > > module really needs a safe way to freeze and thew these tokens.

> > Very true... I was planning to work on that today. v0.50 is a full > rework of v0.07, but does not add much. I hope I did not introduce > too many new issues :( But they will get solved the same day, promise. > > IMO, to_string() is OK for debugging but nothing more. There needs > to be some session save/freeze which is better. As complication, > everyone stores sessions differently: json files, databases, storable, > ... so: The new freeze should not enforce a solution, just provide a > full overview of session details into a HASH. The matching thaw must > be able to revive that. > > If like to get suggestions for that interface.

I would prefer to get a string, with all the necessary data inside. it is the easiest to handle, no matter how you store your session. Just be sure to include a version in the string, so if one day you will decide to change the format you will be able to, and still read tokens created before.

Tue Jan 08 03:53:04 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Tue, 8 Jan 2013 09:52:53 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130108 08:44]: Show quoted text

> Queue: Net-OAuth2 > the resp, suddenly get replaced with a new version, from a new author. > Had a few confused moments... :-)

The former developer didn't find time to apply patches for over a year. Show quoted text

> > If like to get suggestions for that interface.

> > I would prefer to get a string, with all the necessary data inside. it > is the easiest to handle, no matter how you store your session.

No, not true. In an environment where I have to use the module, they have a OAuth::Lite implementation which puts each of the session values in a separate database table column. I, myself, would use Storable or Data::Dumper, not JSON, to serialize. So... Show quoted text

> Just be sure to include a version in the string, so if one day you > will decide to change the format you will be able to, and still read > tokens created before.

Useful. Can we continue this discussion outside RT? (much faster) You can reach me at mark@overmeer.net -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Tue Jan 08 05:55:48 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Tue, 8 Jan 2013 11:55:31 +0100
To:	Mark Overmeer via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Mark Overmeer via RT (bug-Net-OAuth2@rt.cpan.org) [130108 08:53]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 >

Released v0.51, with considerable improvements. It also contains an (untested) freeze and thaw... no development time left for today, but I want to share that code with you. Please file bugreports ;-) -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions drs Mark A.C.J. Overmeer MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Tue Jan 08 21:06:38 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> Released v0.51, with considerable improvements. > > It also contains an (untested) freeze and thaw... no development time > left for today, but I want to share that code with you. > Please file bugreports ;-)

thanks for the new version. in the POD you call the function session_freeze while in the code the function is just called freeze. Shmuel.

Wed Jan 09 03:13:13 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Wed, 9 Jan 2013 09:12:50 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130109 02:06]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 > >

> > Released v0.51, with considerable improvements. > > > > It also contains an (untested) freeze and thaw... no development time > > left for today, but I want to share that code with you. > > Please file bugreports ;-)

> > thanks for the new version. > in the POD you call the function session_freeze while in the code the > function is just called freeze.

Should be session_freeze() The names in module are compatible with older releases, which are not always correct. ::AccessToken is actually the client... the token itself is part of the session which gets set-up. In the next release (this week), I will need to provide an example how to use freeze/thaw. Something like this: my $auth = Net::OAuth2::Profile::WebServer->new(...); my $token = $auth->get_access_token(...); my $session = $token->freeze_session; # now save $session in database or file ... # restore session my $auth = Net::OAuth2::Profile::WebServer->new(...); my $token = Net::OAuth2::AccessToken->session_thaw($session , profile => $auth); -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Wed Jan 09 08:34:37 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> > thanks for the new version. > > in the POD you call the function session_freeze while in the code the > > function is just called freeze.

> > Should be session_freeze()

Thanks. I have finished implementing the stuff that I needed. used it to collect foursquare events to the website. I have a question about token refreshing: does the module automatically track the token expire time, and automatically request a new token when I attempt to use it next time? Thanks, Shmuel.

Wed Jan 09 08:43:21 2013 secretaris [...] nluug.nl - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Wed, 9 Jan 2013 14:42:59 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <secretaris [...] nluug.nl>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130109 13:34]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 >

Show quoted text

> Thanks. > I have finished implementing the stuff that I needed. used it to collect > foursquare events to the website.

Glad to hear that the module is not 100% broken (anymore ;-) Can I include it as example? In a stripped/reworked/anonymized way? Show quoted text

> I have a question about token refreshing: does the module automatically > track the token expire time, and automatically request a new token when > I attempt to use it next time?

I took the refresh code from one of the contributed patches, which did not get integrated in the last year. Not tested, should work automatically. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Wed Jan 09 09:48:17 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> > I have finished implementing the stuff that I needed. used it to collect > > foursquare events to the website.

> > Glad to hear that the module is not 100% broken (anymore ;-) > Can I include it as example? In a stripped/reworked/anonymized way?

I'm not sure how good it will do. The thing is a CMS (Movable Type) plugin (Action Streams) that can collect public events from multiple sources and list them in your site. But today more and more services are locking the public data behind OAuth. Show quoted text

> > I have a question about token refreshing: does the module automatically > > track the token expire time, and automatically request a new token when > > I attempt to use it next time?

> > I took the refresh code from one of the contributed patches, which did > not get integrated in the last year. Not tested, should work > automatically.

Then it should probably be documented that the token need to be re-stored in the session after the usage... Shmuel.

Wed Jan 09 09:56:37 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Wed, 9 Jan 2013 15:56:04 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130109 14:48]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 > >

> > I took the refresh code from one of the contributed patches, which did > > not get integrated in the last year. Not tested, should work > > automatically.

> > Then it should probably be documented that the token need to be > re-stored in the session after the usage...

Yes, that's a good idea. Probably some feature to do that lazy. Or, the profile should have a parameter which automatically saves the session... ->new(auto_save => CODE) -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Thu Jan 10 01:17:53 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> > > I took the refresh code from one of the contributed patches, which did > > > not get integrated in the last year. Not tested, should work > > > automatically.

> > > > Then it should probably be documented that the token need to be > > re-stored in the session after the usage...

> > Yes, that's a good idea. Probably some feature to do that lazy. > Or, the profile should have a parameter which automatically saves > the session... > ->new(auto_save => CODE)

I think that's a sure way to make a circular ref: the session object holds the token, the token hold a subref that holds the session. (so it can save it) A simple 'dirty' flag will do the job for me. Shmuel.

Thu Jan 10 02:54:19 2013 Mark [...] Overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Thu, 10 Jan 2013 08:54:00 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <mark [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130110 06:18]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 > >

> > > > I took the refresh code from one of the contributed patches, which did > > > > not get integrated in the last year. Not tested, should work > > > > automatically.

> > > > > > Then it should probably be documented that the token need to be > > > re-stored in the session after the usage...

> > > > Yes, that's a good idea. Probably some feature to do that lazy. > > Or, the profile should have a parameter which automatically saves > > the session... > > ->new(auto_save => CODE)

> > I think that's a sure way to make a circular ref: the session object > holds the token, the token hold a subref that holds the session. (so > it can save it)

Both the creation of the token as the update are managed by the profile, so the responsibility is very clear. Show quoted text

> A simple 'dirty' flag will do the job for me.

That means that you have to be aware about the existence of a session on multiple places in your program. I think it gets simpler when that is reduced to a single spot. A dirty flag may be needed as well anyway, because auto_save would be optional. -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Thu Jan 10 20:23:43 2013 shmuelfomberg [...] gmail.com - Correspondence added

Show quoted text

> > A simple 'dirty' flag will do the job for me.

> > That means that you have to be aware about the existence of a session > on multiple places in your program. I think it gets simpler when that > is reduced to a single spot. A dirty flag may be needed as well > anyway, > because auto_save would be optional.

Thanks. My current implementation re-save the token after every use, but of course when you will implement the dirty flag I will change it. Thanks. Shmuel Fomberg.

Tue Jan 15 07:24:17 2013 solutions [...] overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #82554] Serializing and restoring Net::OAuth2::AccessToken objects
Date:	Tue, 15 Jan 2013 13:23:58 +0100
To:	Shmuel Fomberg via RT <bug-Net-OAuth2 [...] rt.cpan.org>
From:	Mark Overmeer <solutions [...] overmeer.net>

* Shmuel Fomberg via RT (bug-Net-OAuth2@rt.cpan.org) [130111 01:23]: Show quoted text

> Queue: Net-OAuth2 > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=82554 > >

> > > A simple 'dirty' flag will do the job for me.

> > My current implementation re-save the token after every use, but of > course when you will implement the dirty flag I will change it.

You can try it with version 0.52, which I have just released to CPAN. The default behavior of auto_save is to set the 'changed' flag. -- Success, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Fri Jan 18 04:38:31 2013 MARKOV [...] cpan.org - Correspondence added

User disappeared, probably resolved

Fri Jan 18 04:38:32 2013 MARKOV [...] cpan.org - Status changed from 'open' to 'resolved'