Many users report that the google account needs to be reauthenticated often (even everyday).
I couldn't personally reproduce it, so I cannot give a detailed explanation; if you are affected by this bug, it just happens that the system indicator will turn red and that the Google account will be markes as needing reauthentication. Sometimes after one day, sometimes after one week (different users have reported different times).
The proposed fix changes the google authentication process in order to take the OAuth "refresh tokens" into use; refresh tokens have an expiration date much farther away then access tokens, that are usually short lived.
The linked branches from account-plugins and signon-plugin-oauth2 are both essential for the resolution of this bug: the first one is a change to the account settings, which makes the Google plugin authenticate using a different method, which takes the OAuth "refresh tokens" into use; the change in the signon-plugin-oauth2 fixes the problem where the refresh token was getting deleted from the database.
The risk impact is minimal: the change to the Google plugin (in account-plugins) simply changes the authentication method, in a way that is well-documented. The change in signon-plugin-oauth2 affects only those accounts/providers which use the refresh tokens -- which is only Google, at the moment -- and in a way that can't possibly break any existing functionality; if the new code had some mistake, the situation would be in any case not worse than the previous one.
A summary about this bug and the proposed fixes:
Many users report that the google account needs to be reauthenticated often (even everyday).
I couldn't personally reproduce it, so I cannot give a detailed explanation; if you are affected by this bug, it just happens that the system indicator will turn red and that the Google account will be markes as needing reauthentication. Sometimes after one day, sometimes after one week (different users have reported different times).
The proposed fix changes the google authentication process in order to take the OAuth "refresh tokens" into use; refresh tokens have an expiration date much farther away then access tokens, that are usually short lived.
The linked branches from account-plugins and signon- plugin- oauth2 are both essential for the resolution of this bug: the first one is a change to the account settings, which makes the Google plugin authenticate using a different method, which takes the OAuth "refresh tokens" into use; the change in the signon- plugin- oauth2 fixes the problem where the refresh token was getting deleted from the database.
The risk impact is minimal: the change to the Google plugin (in account-plugins) simply changes the authentication method, in a way that is well-documented. The change in signon- plugin- oauth2 affects only those accounts/providers which use the refresh tokens -- which is only Google, at the moment -- and in a way that can't possibly break any existing functionality; if the new code had some mistake, the situation would be in any case not worse than the previous one.