Post

1 follower Follow
0
Avatar

Getting 'ref_type' as 'user' for App Authentication?

I have made a custom session/database handler.  I am saving oauth values in the database for both USERS as well as APPS.  Using Server-side auth for users and APP auth for editing/adding items to apps.

In my custom session handler I need to differentiate the access/refresh tokens between Apps and Users, during the saving procedure I want to know whether my current oauth values are 'app' or 'user'.

The documentation says that an app auth should return ref_type as app, it is not doing that .  

Any other way of finding out what kind of authentication the current oauth variables hold?

Hamad Al Fahad Answered

Please sign in to leave a comment.

5 comments

0
Avatar

I'm not sure I understand. As you are making the authentication you know which kind of authentication you are doing (since they have different parameters) so it doesn't matter if the return value contains the information. You already have it.

Andreas Haugstrup Pedersen 0 votes
0
Avatar

In order to reduce API calls, I do not use Podio::Authenticate() on recurring calls.  I deal with several apps and several users, and I store their authentication details.

They both have the same parameters, access_token, refresh_token, ref_id, ref_type

I am currently using a global identifier in order to switch the session/database handler similar to the following:

setAuth('app', 'app_id')

Podio::setup(CLIENT_ID, CLIENT_SECRET);

 

the above would set the 'mode' to app authentication and trigger the session/database handler to pull data from the APP database table and store data to the APP database table.

I had my code set-up to check for $oauth['ref_type'] = 'user' or 'app' which seemed more elegant.  But 'ref_type is returning user for App authentication, just wondering if this is intended.

Hamad Al Fahad 0 votes
0
Avatar

Thanks Andreas for your help.   Let me state things more clearly:

the function

Podio:Setup(CLIENT_ID, CLIENT_SECRET) 

would trigger the Session function and retrieve the 'access/refresh/ref_id/ref_type' from the session/database, and then store the data into Oauth.

so to authenticate a new user all i have to do is supply a new 'access/refresh/ref_id/ref_type' in the session and then run the above function.  If I wanted to authenticate as an app, i would once again supply a new 'access/refresh/ref_id/ref_type' to my session and then run the above function again as follows

SetSession(access_token=XX, refresh_token=XX, ref_id=XX, ref_type=XX);

Podio::Setup(CLIENT_ID, CLIENT_SECRET);

now I'm authenticated as APP X

SetSession(access_token=YY, refresh_token=YY, ref_id=YY, ref_type=YY);

Podio::Setup(CLIENT_ID, CLIENT_SECRET);

now I'm authenticated as USER Y and so on..

 

The ref_type above is 'user' for both authentication types, so in my code there is no way of differentiating what the current authentication is.  Only if my access_token is expired would I need to run functions for authenticate() etc.  Using my global identifier is the only way currently.

Hamad Al Fahad 0 votes
0
Avatar

Hi Hamad,

I have just confirmed that everything works as expected from our end. You will get a ref_type of 'app' when authenticating as an app. It's easy to get confused when switching authentication during script execution so double check that you are really authenticated as who you think you are authenticated.

Also make sure to look into session management that's built into the PHP client. Depending on how your code is structured it may be overriding (it does its setup in Podio::setup() ). If you can you should switch your session management to hook into the built-in system as it will handle some nice things for you. E.g. automatically writing new access tokens to storage as the script execution ends. This is useful as your access token may have been refreshed during script execution and your stored copy is no longer valid.

A tiny bit of documentation: https://github.com/podio/podio-php/blob/master/examples/session-manager.php

The default implementation. If you write your own session manager all you have to do is implement the same interface in your own class. https://github.com/podio/podio-php/blob/master/lib/PodioSession.php

If you want to turn off the built in session manager, do Podio::setup() without it:

Podio::setup($client_id, $client_secret, array('session_manager' => null));

Andreas Haugstrup Pedersen 0 votes