Remember the authorization forever

Issue #27 resolved
Mateusz Mrozewski
created an issue

I haven't found any better place so I am putting my question here:

Is it possible to remember the authorization forever so that the user does not have to grant the access every time a call to provider is made?

Comments (3)

  1. Michał Jaworski

    If by "granting access" you mean whole OAuth flow aka "OAuth dance", the answer is yes.

    Client application obtains access token and can use it without any time limits in signing all further request. Note that your application providing OAuth authentication should give users option to revoke such tokens for each authorized application. You can store this access token locally.

    If by "granting access" you mean verifiing each signed request, you probably want to achieve some kind of session flow. Then, the answer is no. This wouldn't be an OAuth anymore.

  2. Log in to comment