How to get Cognito Refresh token? - amazon-web-services

I need a Cognito refresh token to exchange it for tokens from the /oauth2/token endpoint: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
But I spent a lot of time and couldn't find how to get this refresh token...
Also, I can't understand how to get the "Authorization" header to make the POST request if in my app I have only Client_id, but not client_secret.

Related

why oauth 2.0 client id expired automatically?

Execute compute engine api (GET https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances/{resourceId}) with oauth 2.0 client id.
I created an OAuth2.0 client ID and got access_token and refresh_token based on the steps on this site.
Obtaining OAuth 2.0 access tokens
Refreshing an access token (offline access)
I can execute the API with the access_token which was refreshed.
After 3 days, I ran this step again:
https://developers.google.com/identity/protocols/oauth2/web-server#offline
The response was:
{ "error": "invalid_grant", "error_description": "Token has been expired or revoked." }
Why did the refresh_token expire?
refresh_token
A token that you can use to obtain a new access token. Refresh tokens are valid until the user revokes access. Again, this field is only present in this response if you set the access_type parameter to offline in the initial request to Google's authorization server.
There are a lot of things which can cause a refresh token to expire:
You are using a Gmail scope and the user changed their password.
It has not been used in six months.
The user has revoked your access in their Google account.
If the user runs your app you get a refresh token; if they run it again you get a different refresh token. You can do this up to 50 times and get new refresh tokens and they will all work; after number 50 the first one will expire. Make sure you are always saving the most recent refresh token.
Your app is currently in testing and has not been set to published and has not been through the verification process.
Documentation link for expiration

Automating cf login refresh

Does the CloudFoundry UAA support token refresh for a logged-in user?
I'm currently logged in using the "cf-cli" via the SSO passcode. After a week or so the session expires and I have to log in again.
Is it possible to refresh the token in the $HOME/.cf/config.json upon expiry?
As per https://www.rfc-editor.org/rfc/rfc6749#section-6, we should be able to refresh the token by passing the grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA options.
However, it expects the client_id or client_secret to be present, i.e. use BASIC Auth.
Can we do this with a currently logged-in user?
You can refresh an access token, but you cannot refresh a refresh token. When your refresh token expires, you must log in again.
The refresh_token from config.json is a JWT token, so you can use a tool like https://jwt.io to view the token and see when it expires. Your refresh token will expire at some point, it just depends on how long your administrator allows it to last. A week sounds pretty standard.
Hope that helps!
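The expiry check described in the answer above can also be done locally, so the live refresh token never leaves the machine. This is an added example, not part of the original answer; it only reads the unverified `exp` claim, and the `RefreshToken` field name and the constructed sample token are assumptions:

```python
import base64
import json
from datetime import datetime, timezone


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    # Some clients store tokens as "bearer <jwt>"; drop that prefix if present.
    if token.lower().startswith("bearer "):
        token = token[7:]
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (opaque token?)")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def seconds_until_expiry(token: str, now: datetime) -> int:
    """Seconds left before 'exp'; negative once the token has expired."""
    exp = jwt_claims(token).get("exp")
    if not isinstance(exp, (int, float)):
        raise ValueError("token has no numeric 'exp' claim")
    return int(exp - now.timestamp())


def make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"none"}'), enc(json.dumps(claims).encode()), "sig"])


SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_TOKEN = make_sample({"sub": "user", "exp": int(SAMPLE_NOW.timestamp()) + 7 * 86400})

if __name__ == "__main__":
    # For a real check, pass the "RefreshToken" value from ~/.cf/config.json
    # (field name is an assumption about the cf CLI config layout).
    left = seconds_until_expiry(SAMPLE_TOKEN, SAMPLE_NOW)
    print(f"refresh token expires in {left / 86400:.1f} days")
```

An opaque token such as the RFC 6749 sample value quoted in the question raises `ValueError`, since it has no payload segment to decode.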

Handling django-rest-auth auth token on a client webapp developed using django

I have developed an API which is protected using token authentication. I'm able to fetch the token once when logging in to the webapp. The token is stored in a cookie. Every call to the API contains the token. But what after the token expires?
I've been unable to figure that out. How should I request a new one? I know I can request a new token using the login credentials. But what if the token expires every 300 seconds?
And what is the ideal duration before it expires?
Have I kept it too short-lived?
Any help is appreciated.

Disable current refresh token Google calendar API V3

How can I turn off all the refresh tokens for Google Calendar?
Regards
It's not clear whether you wish to revoke an existing refresh token or prevent refresh tokens from being included when you authorize.
To revoke a refresh token:
curl "https://accounts.google.com/o/oauth2/revoke?token=<refreshtoken>"
To prevent receiving of a refresh token:
access_type=online

Refreshing LinkedIn Access Tokens

I am attempting to refresh a LinkedIn user's access token given their current access token. This is the documentation that I am following: http://developer.linkedin.com/blog/tips-and-tricks-refreshing-access-token
The steps I follow:
Make a POST request to the requestToken endpoint (https://api.linkedin.com/uas/oauth/requestToken)
Make a POST request to the authenticate endpoint passing the request token as a parameter.
After this, the response should be a newly refreshed access token, but I am receiving a 302 response instead.