I am using Admin SDK. I am retrieving 30 users per request. I am using nextPageToken to get next 30 users. Can anyone tell me how long is the nextPageToken?
nextPageToken doesn't have validity timeout. It's just pointer to specific location in the index.
Related
I have a requirement where I need to communicate with Snowflake Sql-Api in the back-end from my application. As I come across the snowflake sql-api documentation, it supports authentication using either oauth access token or JWT token generated with keyvaluepair. For this, I am having a configuration property in my application to configure the access token with customer in properties file.
However, I see that oauth token generated has maximum expire period of 10 minutes and JWT token has maximum expire period of 60 minutes. In our use-case having the shorter expiry period is not feasible as user can't change the properties file regularly and restart my application.
I would like to know what is the way to have access token configured with long expiry period like 30/90 days etc or the way I can communicate with snowflake sql-api as per my use case.
Looking forward to hear from you.
Thanking you in advance.
What is the Order in which the message list returns the messages. i.e message.list api? Whether it is based on the message timestamp or any other field.
If I want to sync a very large mailbox and I fire a message.list api, then I get a pageToken for pagination, so how long is the pageToken valid? For eg if I get a page token X and I fire the api to fetch the next page after 6-7 hours will I still get the expected response.
As this pageToken validity is not mentioned in the gmail api doc, any approach on how can full mail sync be done if the service which is syncing the mailbox restarts.
If I remember correctly the order of returned emails is "newest first, to older ones". I don't believe a pageToken would expire in 6-7 hours but why would you wait for so long to get the next page? If you care about getting new emails a few hours later then you want to use the history methods, starting with startHistoryId that you get from your full load.
I'm looking for a way to silently verify that a user is still present in Active Directory after initially using AD to authenticate them.
My code for the user authentication looks like this:
var authenticateResult = await app.AcquireTokenAsync(settings.Scopes, username, UIBehavior.ForceLogin, "");
Where app is an instance of PublicClientApplication and username is a previously remembered username, if any, otherwise blank.
If this authentication succeeds, my app creates a persistent JWT token, stores it in local preferences, and uses that token for a long time (up to 60 days). If my app is closed and re-opened during that time, it re-uses the stored token and skips the AD authentication.
The problem I'm having is that my customer wants the app to check periodically (every hour or so) to ensure that the user's Active Directory access is still valid, and they want to do this without interrupting the user or presenting any UI. I tried using UIBehavior.NoPrompt, but that didn't work, I still got a prompt. I also tried using app.GetAccountAsync or GetAccountsAsync, since all I really need to do here is to ensure that the user's account still appears, but this doesn't work either (the calls return nothing).
I proposed to my customer that we simply lower the lifetime of the JWT token, but they don't want to do this. They want their users to be able to keep using the app for 60 days without logging in, unless they remove the user from AD during that time.
What's the best way to accomplish this?
The best way is to use refresh token.By default, access tokens expire after 1h. So it is recommended forcing a refresh every 30 min, or half the lifetime of the AT when this is a custom lifetime. The default value of refresh token is 90 days, 14 day inactive sliding .
So, If we want users to keep using the app for 60 days then we need o stop fetching refresh token on 60th day.
If we want to check user is in AAD programmatically. Then we can use MS Graph. Please go through Ms graph document for more details.
The C# code snippet is available below,
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var users = await graphClient.Users
.Request()
.GetAsync();
Ms Graph sample where we can test the above snippet is here.
I'm developing a web-frontend to configure a hardware device (almost like a router), wich runs a nodejs backend to serve an Angular Frontend for Configuration. I use JWT to secure stateless requests to the backend. One feature is to set the system time via the Frontend, by issuing a command to the backend, which sets the local machine time, to deal with timezones. Problem is, when the time change is more than the 30 min in the past, the user gets logged out due to session timeout. What would be the best way to solve it? My approach was to set the timeout to indefinite, change system time and change the timeout back to 30 min, using a refresh token. Any other ideas? Thanks.
If you ask me, using expiration time in JWT when system time can change does not make sense. So my options would be:
- Do not use expiration time at all
- Use refresh tokens
- Revoke all issued tokens
- Time history: Accept the old tokens by calculating the date they were issued. You can know when a token was issued by adding a unique and incremental jti identifier. When system time changes, store the current jti value and the difference between old and current time
jti - time diff
You can empty the list when the maximum expiration time is exceeded
You could implement a refresh token. So whenever the access token expires, the user can request a new access token, using the refresh token.
For a calendar app, I want to sync users calendars (events) to my database. For now, I need title, start, end, recurrence and reminders/alerts. I am thinking, I will get these information from app and store it to a database. To make things easy (implementing recurrence maybe hard), I thought of using a hidden Google Calendar account on the server as a database.
Server will use a "hidden" Google Calendar account
App (iOS) will get calendar information from user's iCal via EventKit
Passes server this information which is saved to Google Calendar
So 1 user calendar becomes 1 hidden google calendar
But I think I might encounter some problems with API limits?
I might need to re-authenticate to refresh the access token? Is there a token I do not have to refresh?
Is the limit on the number of calendar I can have 10,000? What if I need more? Isit even possible? Or is it 10,000 for "a short period of time".
Is this possible? Or is the only option a self build system.
The quota for the Google calendar API is Queries per day 1,000,000 if you go over that you can always request additional quota as far as I know it doesn't cost anything to extend your quota.
Once you have authentication to a user Google calendar account you will receive a refresh token. The refresh token can be used to gain a new access token when ever you need to access it. Refresh tokens don't expire unless a user removes your access.