See https://github.com/GPCsolutions/zenfusion-modules/issues/84

No user permissions are displayed on multicompany users (entity > 1)

Deactivate token and redirect user to authentication page.

Sample error:

Error refreshing the OAuth2 token, message: '{
  "error" : "invalid_grant",
  "error_description" : "Token has been revoked."
}'

Accessed via the box

This module is a technical dependency to other modules and don't offer any user feature by itself.
It's built as a module so that the code can be shared amongst other modules.

When installed without any other modules, it issues a "NoScope" error that is not very helpful in understanding the problem.
Improve the message by providing to the user the information that he needs to install at least one other module from the ZenFusion family.

After implementing #15, we can implement a workflow similar to the single user workflow but for Google Apps domains using a (dummy) marketplace application.
Again, explore the possibilities of this technology and draft a feature.

Find a way to display available and active scopes in a human friendly way.

Tentative features:

• Allow to choose which service(s) we want.
• Suggest new available scopes when a new ZenFusion module is installed.

The module does no check enough that the parameters are correctly set.

This leads to weird white pages with the contact module.

The Google API expects full URLs including http(s)://
A misconfigured Dolibarr can generate URLs missing this.
Issue an error message to the user if the generated URLs are not complete.

See https://assistance.gpcsolutions.fr/otrs/index.pl?Action=AgentTicketZoom;TicketID=203;ArticleID=736

Dolibarr users can be disabled.

• Token and API access should be revoked on user disable
• Disabled users should not be listed on the frontpage status box
• Google user tab should be deactivated and page blocked for disabled users so that communication can't be reestablished (i.e. by an admin)

When Zenfusion_Oauth2Client.class.php is included (before call), the $object->datef in trigger was modified. (in my case 27/03 become 26/03). I try to investigated but loose the way in this file :/

The Javascript origin URI should only contain the protocol (http:// or https://) and the FQDN; no path is allowed.

Google Apps for Business allows using master tokens from the domain rather than individual tokens.
Explore the possibilities of this technology and draft a feature.

See https://github.com/GPCsolutions/zenfusion-modules/issues/85

See https://github.com/GPCsolutions/zenfusion-modules/issues/41

Errors should be properly catched.

Here's an exemple a client got faced with :
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_client", "error_description" : "The OAuth client was deleted." }'' in /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/google-api-php-client/src/Google/Auth/OAuth2.php:327 Stack trace: #0 /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/google-api-php-client/src/Google/Auth/OAuth2.php(254): Google_Auth_OAuth2->refreshTokenRequest(Array) #1 /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/google-api-php-client/src/Google/Client.php(364): Google_Auth_OAuth2->refreshToken('1/DGtyBK9SIFEqw...') #2 /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/tokens.lib.php(123): Google_Client->refreshToken('1/DGtyBK9SIFEqw...') #3 /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/tokens.lib.php(96): refreshTokenIfExpired(Object(stdClass)) #4 /home/doozo/www/dolibarr/htdocs/custom/zenfusiondrive/class/actions_zenfusiondrive.class.php(57): getToken(Object(Doli in /home/doozo/www/dolibarr/htdocs/custom/zenfusionoauth/lib/google-api-php-client/src/Google/Auth/OAuth2.php on line 327

The email address used for authenticating is in fact a login. It should not be correlated to the user's email address.

Using the user's email address as a fallback is still desired.

If accessed with a language other than US English or French, the instructions page displays the translation tokens not actual text making it unusable.
Find a way to fallback to US English when translations are unavailable.

Pros: Modern better API.
Cons: requires at least PHP 5.4, refactoring needed

See: https://github.com/google/google-api-php-client/blob/master/UPGRADING.md

See https://github.com/GPCsolutions/zenfusion-modules/issues/21

See https://github.com/GPCsolutions/zenfusion-modules/issues/23

Add a permission allowing (or not) getting a token.

See https://github.com/GPCsolutions/zenfusion-modules/issues/83