Posted August 21, 2020
Kalanyr: Yes, you can store the (pseudo)-OAuth session data , which is pretty much the following.
{'access_token': 'REDACTED',
'expires_in': 3600,
'expiry': REDACTED,
'refresh_token': 'REDACTED',
'scope': '',
'session_id': 'REDACTED',
'token_type': 'bearer',
'user_id': 'REDACTED'}
You can then use it whenever you need to login again. You do need to do a session renew request as documented when it expires (which is each hour), IIRC you have to calculate the actual expiry time yourself (which is why I have an expiry field as well as the expires_in. but you could keep acquisition time + expires_in and use that instead. )
(If you want to send me a PM , I can send you the still a mess code for the next version of GOGrepoc but it does actually have fully working GOG OAuth code you can copy)
Geralt_of_Rivia: First and foremost, thanks for answering my questions. I hope I don't take up too much of your time. {'access_token': 'REDACTED',
'expires_in': 3600,
'expiry': REDACTED,
'refresh_token': 'REDACTED',
'scope': '',
'session_id': 'REDACTED',
'token_type': 'bearer',
'user_id': 'REDACTED'}
You can then use it whenever you need to login again. You do need to do a session renew request as documented when it expires (which is each hour), IIRC you have to calculate the actual expiry time yourself (which is why I have an expiry field as well as the expires_in. but you could keep acquisition time + expires_in and use that instead. )
(If you want to send me a PM , I can send you the still a mess code for the next version of GOGrepoc but it does actually have fully working GOG OAuth code you can copy)
Whenever? Even after a day or longer? The API doc gave me the impression that the whole OAUTH data expires after an hour which means that the refresh_token also becomes invalid. Or in other words that the refresh had to be done within the hour of validity to get new OAUTH data before the old expires.
If that is not the case and the refresh_token stays valid even after expiration of the access_token then I can skip the login if I have an old token that I can use to get a new one.
But that leads to several new questions: Do you know how long the refresh_token stays valid? Days, weeks, months? If I try to use the old refresh token to get new OAUTH data how do I know if that succeeded? Is the result I get on a failed attempt not a valid JSON file? Or do I have to check the HTTP status code (401 or 403)? Does an attempt to refresh OAUTH with an invalid or expired refresh_token put me on the blacklist?
Thanks for offering code but that's not really neccessary. The problem isn't producing code. The problem is coming up with a valid program logic when the server's behaviour isn't fully documented and the data the server returns is woefully incomplete.