I am using everyauth in my expressjs app to do OAuth authentication & authorization with the 37signals site. However, this is a general OAuth question.
When the user accesses my app the first time, he authenticates and authorizes my app from the 37signals site. He is then redirected to my app, where I save the user info in the database along with the access token. Now let's say the user logs out. If he tries to log in, he is forced to authorize my app again. This is not right. I expected everyauth to bypass the authorization step, since it was already done once. This is usually done by passing the refresh token while starting the OAuth flow with the OAuth provider site. But I am not sure how everyauth is handling the second-time login. Can somebody throw some light on this?
I start the OAuth flow when the user tries to log in by redirecting him to http://localhost/auth/37signals.
Here is the everyauth code I am using:
    var util = require('util');
    var everyauth = require('everyauth');
    // `users` is the app's own user-store module, defined elsewhere in the app.

    everyauth['37signals']
      .appId('e6e76726501abf1b5627fe854b384ef8d62d7a55')
      .appSecret('7c6891f46cb19aaf1831785968630ed4a1b3c342')
      .findOrCreateUser(function (sess, accessToken, accessSecret, _37signalsUser) {
        console.log('inside findOrCreateUser');
        console.log(util.inspect(_37signalsUser));
        // everyauth expects a promise that is fulfilled with the user record.
        var promise = this.Promise();
        users.findOrCreateUser(_37signalsUser, accessToken, accessSecret, promise);
        return promise;
      })
      .redirectPath('/authenticated');
I implemented the Twitter strategy and have the same problem here as well. The approval screen (Authorize app name to use your account) appears every time the user logs in after logging out.
Looks like this is not supported, according to this thread: https://groups.google.com/forum/?fromgroups=#!searchin/37signals-api/refresh/37signals-api/B59BS-CMxfs/pf3NsaHMUN4J