This repository has been archived by the owner on Aug 25, 2020. It is now read-only.
I need to have a way to customize handling of expired tokens. Right now this is handled in server.rb:264:
```ruby
if token
  begin
    access_token = AccessToken.from_token(token)
    raise InvalidTokenError if access_token.nil? || access_token.revoked
    raise ExpiredTokenError if access_token.expires_at && access_token.expires_at <= Time.now.to_i
    request.env["oauth.access_token"] = token
    request.env["oauth.identity"] = access_token.identity
    access_token.access!
    logger.info "RO2S: Authorized #{access_token.identity}" if logger
  rescue OAuthError => error
    # 5.2. The WWW-Authenticate Response Header Field
    logger.info "RO2S: HTTP authorization failed #{error.code}" if logger
    return unauthorized(request, error)
  rescue => ex
    logger.info "RO2S: HTTP authorization failed #{ex.message}" if logger
    return unauthorized(request)
  end
```
I can think of two ways to easily handle this: (1) A la cancan authorization, we allow the exception to propagate instead of rescuing it, and then it can be caught at a higher layer and managed; (2) insert some kind of handler hook that allows structuring of a response.
Specifically, in this case I am using the authorization in a session with a normal web browser, and so I need to redirect the user to a login page when the token expires.
Any thoughts on better / good ways to solve this?
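A sketch of option (2), the handler hook, added here as an example; it is not code from rack-oauth2-server or from the issue author. `TokenGuard`, `BROWSER_HOOK`, the in-memory `TOKENS` store and the `Bearer` header scheme are all assumptions. The hook redirects only expired tokens from HTML clients to a fixed login path; everything else still gets the 401 challenge.

```ruby
# Added example: every name here is hypothetical, not rack-oauth2-server's API.
class InvalidTokenError < StandardError; end
class ExpiredTokenError < StandardError; end

Token = Struct.new(:identity, :expires_at, :revoked)
TOKENS = { # constructed sample token store
  "good"    => Token.new("alice", Time.now.to_i + 3600, false),
  "stale"   => Token.new("bob",   Time.now.to_i - 60,   false),
  "revoked" => Token.new("carol", nil,                  true)
}.freeze

class TokenGuard
  # on_failure: callable(env, error) returning a Rack response triple,
  # or nil to fall back to the default 401 challenge.
  def initialize(app, on_failure: nil)
    @app = app
    @on_failure = on_failure
  end

  def call(env)
    token = env["HTTP_AUTHORIZATION"].to_s[/\ABearer (\S+)\z/, 1]
    if token
      begin
        env["oauth.identity"] = authenticate(token).identity
      rescue InvalidTokenError, ExpiredTokenError => error
        return @on_failure&.call(env, error) || challenge
      end
    end
    @app.call(env) # no token: the application decides what anonymous users see
  end

  private

  def authenticate(token)
    record = TOKENS[token]
    raise InvalidTokenError if record.nil? || record.revoked
    raise ExpiredTokenError if record.expires_at && record.expires_at <= Time.now.to_i
    record
  end

  def challenge # RFC 6750 uses invalid_token for expired and revoked tokens alike
    [401, { "WWW-Authenticate" => 'Bearer error="invalid_token"' }, []]
  end
end

# Browser hook: expired token from an HTML client => redirect to a fixed,
# server-chosen login path (no request data is copied into Location).
BROWSER_HOOK = lambda do |env, error|
  html = env["HTTP_ACCEPT"].to_s.include?("text/html")
  [302, { "Location" => "/login" }, []] if error.is_a?(ExpiredTokenError) && html
end
APP = TokenGuard.new(->(env) { [200, {}, [env["oauth.identity"].to_s]] }, on_failure: BROWSER_HOOK)
```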