I've integrated facebook with my app using facebooker2 and Mogli. Now offline_access is removed from the facebook. I'm able to get token but its getting expire in 2 hrs, also If user get logged out from facebook, Its also get expired.
I wanted to renew the tokens but I can not do that by following code
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
As I could not get when user get logged out from the user. If any how I can know when user get logged out from Facebook , still I can not exchange the tocken as its already get expired. and access_token only works before the expiration of a token.
Any Idea, if I have 60 days expiration token or renew the token before get expired.
Thanks in advance for any help you are able to provide.
Related
I have a social media platform and I'm using cognito for auth. When I delete users, they are not logged out, how can i deactivate tokens
The token validity is 1 day. I waited for 1 day but it didn't log out.
I may be wrong, but it sounds like you don't clearly understand what is JWT and how it works.
Here are two types of JWT tokens: access token and refresh token.
access token can't be invalidated for single user until it expires. It is using for user authentication. In other way refresh token is using for new access tokens creation. By default, expiring time of refresh token is 30 days. So, user able generate new access token even if it expired until refresh token is valid.
You have to revoke refresh token when deleting user. Also expiring time of access token should be pretty short (e.g., 30 minutes). In this case user will be able login only 30 minutes at max after refresh token revocation.
Here is no info in your question about token revocation and which of tokens valid until 1 day, so I hope this info will help you figure out how it works.
After googling we came to know that invalid_grant which means refresh token is invalid.
Link to google oauth doc
We don't have any of these issues mentioned by google. Is this error related to something else rather than a refresh token.
More Info
We have access to read, write spreadsheet and send gmail
We fetch an access token for each request
Any help would be appreciated.
We're already in production and verified by google
Without seeing the full error message that being
Invalid_grant {Message here}
It is hard to help but from my experience is most often caused by one of the following.
Refresh token expire, app not in production.
There are serval reasons why a refresh token can expire the most common one currently is as follows.
A Google Cloud Platform project with an OAuth consent screen configured for an
external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The fix is to go to google developer console on the consent screen and set your application to production, then your refresh token will stop expiring.
invalid_grant: Invalid JWT
{ “error”: “invalid_grant”, “error_description”: “Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems.” }
Your server’s clock is not in sync with NTP. (Solution: check the server time if its incorrect fix it. )
invalid_grant: Code was already redeemed
Means that you are taking an authentication code that has already been used and trying to get another access token / refresh token for it. Authentication code can only be used once and they do expire so they need to be used quickly.
Invalid_grant: bad request
Normally means that the client id and secrete you are using to refresh the access token. Was not the one that was use to create the refresh token you are using.
Always store most recent refresh token.
Remember to always store the most recent refresh token. You can only have 50 out standing refresh tokens for a single user and the oldest one will expire. Depending upon the language you are using a new refresh token may be returned to you upon a refresh of the access token. Also if you request consent of the user more then once you will get a different refresh token.
User revoked access
If the user revoked your access in their google account, your refresh token will no longer work.
user changed password with gmail scope.
If your refresh token was created with a gmail scope and the user changed their password. your refresh token will be expired.
Links
Oauth2 Rfc docs for invalid_grant error rfc6749
invalid_grant
The provided authorization grant (e.g., authorization
code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection
URI used in the authorization request, or was issued to
another client.
Execute compute engine
api(GET https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances/{resourceId}) with oauth 2.0 client id.
I created an OAuth2.0 client ID and got access_token and refresh_token based on the steps on this site.
Obtaining OAuth 2.0 access tokens
Refreshing an access token (offline access)
I can execute api with access_token which was refreshed.
after 3days, run this step again,
https://developers.google.com/identity/protocols/oauth2/web-server#offline
response was
json
{ "error": "invalid_grant", "error_description": "Token has been expired or revoked." }
why expired refresh_token?
refresh_token
A token that you can use to obtain a new access token. Refresh tokens are valid until the user revokes access. Again, this field is only present in this response if you set the access_type parameter to offline in the initial request to Google's authorization server.
There are a lot of things which can cause a refresh token to expire.
you are using a gmail scope and the user changed their password.
it has not been used in six months.
the user has revoked your access in their google account.
If the user runs your app you get a refresh token, if they run it again you get a different refresh token, you can do this up to 50 times and get new refresh tokens and they will all work after number 50 the first one will expire. Make sure you are always saving the most resent refresh token.
your app is currently in testing and has not been set to published and has not been though the verification process.
Documentation link for expiration
Does the CloudFoundry UAA support token refresh for logged in user.
I'm currently logged in using the "cf-cli" via the SSO passcode. After a week or so the session expires and I have to log in again.
Is it possible to refresh the token in the $HOME/.cf/config.json upon expiry ?
As per this https://www.rfc-editor.org/rfc/rfc6749#section-6 , we should be able to refresh the token by passing
grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA options.
However, it expects the client_id or client_secret to be present i.e use BASIC Auth.
Can we do with a currently logged in user ?
You can refresh an access token, but you cannot refresh a refresh token. When your refresh token expires, you must login again.
The refresh_token from config.json is a JWT token, so you can use a tool like https://jwt.io to view the token and see when it expires. Your refresh token will expire at some point, it just depends on how long your administrator allows it to last. A week sounds pretty standard.
Hope that helps!
I logged-in to facebook manually, creating accesstoken, logged out.
Tried to publish in my timeline using my java app, I got
java.lang.Exception: {"error":{"message":"Error validating access token: The session is invalid because the user logged out.","type":"OAuthException","code":190,"error_subcode":467}}
I've ticked the check box for publish_stream and offline_access at least while creating access token.
How could I publish in my timeline without getting logged manually each time.
The offline_access is deprecated.
The most easy way is to use page token because this is an unlimited session token.
See there how to get it : Facebook Access Token for Pages