OAuth2 sample logout from sparklr2 and production use

[abhisec]

Hey Guys,
I am trying to add oauth2 to my code and was able to run the latest sample from github. I saw a weird issue though when i logout from sparklr, the photos are still visible in tonr app. Is that the intended behavior because token grant was for a time period? I would assume it will clear all tokens and make them invalid on logout? If not what is the correct way to invalidate all tokens?

Also, since oauth2 is not yet released is milestone 6 (M6) the best release to use in production? Are there any gotchas with using oauth2 in prod?

Thanks,

[Dave Syer]

I would assume it will clear all tokens and make them invalid on logout? If not what is the correct way to invalidate all tokens?

Tokens are invalidated by the ConsumerTokenServices. If you want to invalidate a token on logout you need to use that interface in your logout controller. (It's not very common to invalidate tokens on logout - most users prefer not to re-approve the token grant on every login.)

Also, since oauth2 is not yet released is milestone 6 (M6) the best release to use in production? Are there any gotchas with using oauth2 in prod?

I know that people are using it. M6 is quite a bit different in a number of ways than the current codebase (close to RC1), so the biggest risk is that you have to make changes to your app when you upgrade. If you don't do a lot of customization it might not be too bad.