I have created an web app which fetched users drive information and show it on a browser. It is working fine for single user but when I try this app with different account it still shows same result for both the user. I checked the logs and there are different access token different user. When I am fetching the result from http get call using those access token I get different result. I think some issue is there with the Google api php client.
Maybe related to #819?
Yes, how to fix? Bug?
Problem in version google/apiclient:^2.0.0@RC
Version "google/apiclient": "1.0.*@beta" is worked correct.
Ok more information, I've tried with different versions of the google/apiclient, the google/auth and guzzlehttp/guzzle. The summary is as follows:
| APICLIENT | AUTH | Guzzle | Result |
| --- | --- | --- | --- |
| 2.0-RC1 | 0.3 | 5.2 | OK |
| 2.0-RC2 | 0.4 | 5.2 | OK |
| 2.0-RC3 | 0.4 | 5.2 | OK |
| 2.0-RC4 | 0.5 | 5.2 | error |
| 2.0-RC4 | 0.5 | 6.0 | error |
In conclusion, from 2.0-RC1..RC3 it's working but RC4 shows the issue
Waiting to fix))
The problem is the underlying google/auth library's caching implementation is broken. The cache keys which get generated are not unique.
I've removed the caching entirely for now in #842
This is now fixed in RC5. Please update to this version and reopen this issue if the problem continues.
Thank you!
The issue should be reopened.
I use this lib in a worker which maintains cache in memory.
Each time a message is consumed, I set the new access token (for a different user) but the previous one is preserved. This leads to a dangerous security concern.
I believe the cache should be disabled by default (even MemoryCacheItemPool for persistent scripts handling many tasks).