I am using Django-oauth-toolkit for social authentication. How to check if access token is expired so that I can send the request for a new access token by sending refresh token.
Related
I'm using django-oauth-toolkit with djangorestframework where our partner user will register their application and get application credentials (client id and client secret) which then used to get access token that can be used further to get our server resources. Upto now I'm able to convert those form based application registration process and other apis through rest. But while I hit for access_token only access token with expire are coming as response. Refresh token also supposed to come along the access token but it's not. What I'm missing here...
Below is the sample api response for access_token
And the oauth2 settings
FYI: I'm using Client type as "Confidential" and Authorization grant type as "Client Credentials"
Findings: This may be helpful for others
There is no need for refresh token for grant type client credentials.
Further descriptions RFC doc ; grant type client credentials
I have developed an api wgich is protected using token authentication. I m able to fetch the token once when logging in to the webapp. The token is stored in a cookie. Every call to the api contains the token. But what after the token expires?
I've been unable to figure that out. How should I request a new one? I know I can request a new token using the login credentials. But what if the token expires every 300 seconds?
And what is the ideal duration before it expires?
Have I kept it too short-lived?
Any help is appreciated.
I'm creating an API for an android application I'm using Django Rest framework JWT token for API authentication. In perticular case, I want to deactivate the token which is activated for a particular user.
JWT is stateless auth which means it is not stored anywhere on server. When you send JWT token in header of request your server just check if token is valid. Therefore you cannot deactivate token - you can only delete it in your Andriod app. More on JWT here.
I am using WSO2 access Grant for securing a web application.when the user logs in with right credential, I generate the token successful by invoking /oauth2/token service. I store this at the client side and when user invokes the next set of APIs, user hits my API with this token. How can validate the token now ?how can I validate the token to check the scope ? Which serviceI can use for validating the token and user is passing the right token associated with him??
You can use OAuth Introspection Endpoint[1] to validate the token,scope
[1] https://docs.wso2.com/display/IS530/Invoke+the+OAuth+Introspection+Endpoint
Is there a way to generate JWT token directly from WSO2 identity server for a OAuth 2.0 resource owner flow (password grant)? Currently the identity server gives back a access token which has to be sent to validation service to get back back a JWT Token .
Also an observation that the JWT Token comes back with the '/' character escaped.