OAuth: Automatically Refresh Token on Expiry#76
Conversation
| 'EndToEnd/member-update', | ||
| 'EndToEnd/product' | ||
| 'EndToEnd/product', | ||
| 'Integration' |
There was a problem hiding this comment.
Integration tests weren't running on GitHub actions; this ensures they run.
| 'access_token' => $result['access_token'], | ||
| 'refresh_token' => $result['refresh_token'], | ||
| 'token_expires' => ( $result['created_at'] + $result['expires_in'] ), | ||
| 'token_expires' => ( time() + $result['expires_in'] ), |
There was a problem hiding this comment.
Why are you switching to this? Wouldn't this set the expiration to longer than it actually is?
There was a problem hiding this comment.
expires_in is the number of seconds before the access token expires, not a timestamp of when the access token expires, and the API has never returned a fixed value. Adding it to created_at results in the exact issue reported in this PR. Adding it to time() results in the correct calculation of the token's expiry. But if I'm missing something obvious, let me know.
There was a problem hiding this comment.
@noelherrick Let me know if this needs another review. It's the same principle as the main Kit Plugin: Kit/convertkit-wordpress#840
Summary
Reduces the likelihood of 401 unauthorized requests being sent to the Kit API by scheduling a WordPress cron event to refresh an expired access token on its expiry.
Presently, the Plugin relies on logic to check if an API request returns a 401 error with the message
The access token expired. On lower traffic sites - for example, where there are not many customers subscribing or purchases being sent to Kit - this isn't a reliable method, as a call to the API won't always be triggered.Testing
testCronEventCreatedWhenAccessTokenObtained: Test that theconvertkit_refresh_tokenevent is scheduled when OAuth first completes and the Plugin receives access and refresh tokens.testCronEventCreatedWhenTokenRefreshed: Test that theconvertkit_refresh_tokenevent is scheduled when the access token is refreshed.Checklist