We are working with a 3rd party provider that is trying to integrate our phone system with Jira. I have set up an OAuth 2.0 App that will grant them permissions to pull custom field values without having Jira admin permissions.
They take the token and get a refresh token each time. They are working on a script to kick off a call to the api using the Oauth 2.0 refresh token every time a call comes in.
My question is what if two calls are made at the same exact time. Will this break the refresh token?
also, is there a way I can get them a token that does not have to refresh and does not expire where they can query custom fields without having admin access to our system?
We set up an Oauth 2.0 app
https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
Related
I am upgrading an older OAuth 1.0 TBA setup to OAuth 2.0 without the TBA.
I have on the Sandbox the Client Credentials Flow working. This setup will not work on the production, since the web users are not logged in on NetSuite or NetSuite clients. The refresh token currently expires every seven days, I can’t create a backend script that somehow opens a Session on NetSuite (with my credentials logging into NetSuite), redirects the URL, and gets a code parameter value so I can finally generate a new refresh token. That seems extreme and not secure.
Is there something I am missing on the whole token refresh?
That brings me to another question. NetSuite is a bit confusing to me. If I want to try out the OAuth 2.0 Client Credentials Flow, can I just create a new Integration application? Set up a new code base structure without crashing the one that I currently have working.
I'm having an Angular application that performs user authentication via Microsoft account. For this, I'm using the MSAL JS library which does work fine to authenticate the user. But we have the requirement where our backend server requires to call Microsoft Graph APIs. Now the issue is that the MSAL library returns access_token which has got a life span of 1 hour and so it can not be used once it is expired from our backend server.
So I'm looking for a way where I can get an authorization code, which can be exchanged from our back end server to get the access token and refresh token. And as we've got the refresh token as well, we can refresh the access token whenever it gets expired considering a refresh token is still valid.
I'm not sure if this is possible via the MSAL library or not, or if there is any other alternative available for SPA to support the case, I've described above.
It is possible with MSAL.js 2.0 which is a drop-in replacement for MSAL.js 1.x and supports the authorization code flow for Single page applications. With MSAL.js 2.0 you can use the authorization flow with PKCE and refresh tokens in the Microsoft identity platform to keep users signed in while third-party cookies are blocked.
Read more here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-auth-code
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas
I am using Google APIs in my application and the oauth2 refresh token expires after 1 hour. I am using this refresh token to execute a task which runs daily. I create the refresh token using the OAuth2 playground. Is there a way to extend the expiration time of a refresh token? (1 month)
I think that you have your terms confused here.
As per Oauth2 access tokens expire after one hour. Access tokens are used to request access of an api and return the data that you need. There is no way to extend the lifetime of an access token beyond one hour. You need to use a refresh token to request a new access token.
Refresh tokens are extremely long lived and do not normally expire. Refresh tokens are used to request a new access token. Refresh tokens for the most part do not expire if one is not used in six months though google will automatically expire it. Also if the user removes your access then the refresh token will also automatically expire.
If you are creating your refresh token using the Outh2 playground which is intended only for testing purposes it will also expire.
If you are using the oauth2 playground to create your refresh token then you should not be doing this you should be creating your own application to request the tokens.
As already explained the refresh tokens created using the OAuth 2.0 Playground are automatically revoked after a few hours because the playground is mainly for testing purposes. However you can configure the OAuth playground to use your own app credentials (use the 'wheely' icon top right). If you use your own app credentials the refresh token will not be revoked.
That said it looks like you want to run a background service that accesses Google APIs. For this you may want to use a Service Account if you are not accessing a specific user's data.
I'm building an application that needs to have access to Google Drive and Google Sheets. I want the user to go to https://mydomain.appspot.com/authenticate to go through the Google login flow and authenticate themselves so that the backend receives access tokens for both Google Drive and Google Sheets.
After that I want the backend to be able to access Drive and Sheets without user interaction. For example, I would like a scheduled task to run every hour and retrieve some data from Drive and Sheets. I want the backend to use the token it received when the user authenticated themselves.
Is this possible? I really hope so. I have been looking here and I don't really find anything that can help me. https://developers.google.com/sheets/api/guides/authorizing
The backend is developed in Java and deployed on Google App Engine.
A long lived access token is actually called a refresh token. You will need to have your users authenticate your application then you will receive a refresh token. the refresh token can then be used to request a new access token from the Google authentication servers when ever you need.
Note: Do not get yourself side tracked with serviced accounts its not the same thing. You can run automated scripts using a refresh token gained from Oauth2, googles terminology is just a little confusing.
Check out the official google java client library it should handle most of it for you. Using OAuth 2.0 with the Google API Client Library for Java
You need to setup Offline Access as defined at:
https://developers.google.com/identity/protocols/OAuth2WebServer#offline
After a user grants offline access to the requested scopes, you can continue to use the API client to access Google APIs on the user's behalf when the user is offline. The client object will refresh the access token as needed.
So I read the following on the Authorizing Requests to the Google Calendar API page written by Google folks.
Your application must use OAuth 2.0 to authorize requests. No other authorization protocols are supported. If your application uses Google Sign-In, some aspects of authorization are handled for you.
My knowledge of OAuth 2.0 is limited so I'm not sure if that means that I cannot get a one-time auth token for a user?
I'm building an app that will need to CRUD events for a user in the background based on other stuff. So I can't have the user authenticate over and over again. Is there a way around here?
If not, is there an Google Calendar alternative that has a dependable API that I could use?
When the user authenticates your application you are given an Access token (good for one hour) and a refresh token. You should save the refresh token, when ever you need to access the users data you can take the refresh token and ask Google to give you a new access token. It is the access token which gives you access to there account.
I wrote a tutorial that tries to explain Oauth2 how to set it up and how it works. Google Developer console Oauth2