Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cart token outlives cart #24

Open
monicavalluri opened this issue Mar 31, 2020 · 1 comment
Open

Cart token outlives cart #24

monicavalluri opened this issue Mar 31, 2020 · 1 comment
Assignees
@cdvoisin
Labels
ddap DDAP development p3

Comments

@monicavalluri
Copy link
Collaborator

When authorizing a view, the cart token that is given back has a default TTL of 3600 Seconds, however, the cart itself only is valid for 300 seconds or so.

The user would expect:

  1. To get a token that gives them access to the cart
  2. To use the token for the entire TTL of the cart token against the checkout API
  3. When the cart token expires to be given a 401

This is related to #23
@monicavalluri
Copy link
Collaborator Author

@patmagee's comment: Also related to this., we should figure out the relationship between refresh tokens and the cart. If a user gets a refresh token after being authorized for specific resources, no access tokens generated with the refresh work with the cart endpoint. Should this be the desired behavior?

@chaopeng chaopeng added p2 ddap DDAP development p3 and removed p2 labels Apr 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cdvoisin cdvoisin

Labels
ddap DDAP development p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chaopeng @monicavalluri @cdvoisin