We are using OAuth to get Access Token and Refresh Token. But Access Token is getting expired fast.We need token with long validity.
How can we achieve this?
In Dynamics CRM, Access tokens are expired in 3600sec. But refresh token will not expire. So you need to generate the new
accesstoken using the refresh token.
If you want refer below page, It will useful for you.
https://learn.microsoft.com/en-us/previous-versions/azure/dn645542(v=azure.100)
Related
The GitLab access_token has an expiry time of 2hours, similarly does the refresh_token also has some expiry time?
Because sometimes, when I use the refresh_token to get new access_token it throws invalid_grant error.
I am thinking refresh_token does not have any expiry_time.
I am thinking refresh_token does not have any expiry_time
Indeed but they are linked to access_token.
In "Supporting Expiring OAuth Access Tokens for GitLab", GitLab explains:
How do you handle expiring tokens?
Once a token has expired, your API requests will fail and you will be
prompted by GitLab to generate a new token.
To do this, you must make another request to GitLab’s OAuth endpoint.
Much like the initial link, you must provide your application’s Client
ID and Client Secret, but instead of passing the linking code, you
will pass in the user’s refresh token.
This will invalidate both the existing access token (if it is still valid) and the refresh token you just used, and return a new
access token and refresh token.
The access token will be valid for another two hours. You will need
to store the new refresh token, as this token will be used the next
time you request a new token.
If I refresh an OAuth2 access token, is the current (old) token valid or invalid? Will the old access token valid until it receive its expired time?
In my applications there are multiple threads that use the same access token parallel. If the access token is going to its live end, for example there is only a minute until it expired, then one thread request a new access token with an refresh token.
Does I need a read lock on the access token to prevent a refresh on using the access token?
I'm making a function to post to google my business automatically by using Google my business API by javascript and firebase. The access token is obtained by authentication using Google Sign In.
However, the access token has an expiration date, so I have to renew it using a refresh token.
Can I use the "user.refreshToken" shown in the image below as the refresh token to be used in this case?
Thanks in advance.Data retrieved upon sign-in
Yes, you are right. In general, the refresh token in an OAuth2.0 flow can be used to retrieve a new access token, which can then be used again to access resources. The refresh token normally has a much longer expiration date than the access token hence you can implement functionality like "remember me" using the refresh token.
I am implementing the authorization and authentication flow for an API. I was thinking of two-legged OAuth (as the API is only going to be used by us, not third-party applications). But I found some problems regarding to tokens and their expiration periods.
I would request an access_token to /ouath/token with the username and password of the user. This endpoint should return an JWT as access_token.
Next requests to the API will use that JWT to authenticate the user.
JWT's are supposed to expiry in a period time (1 day for example). I have read I need to implement a refresh endpoint in which the app could refresh the JWT in order no to ask the user for username and password every day.
So, ¿how could I generate that refresh_token? JWT's don't need to be stored in the DB (because of the crypto behind them) but, ¿refresh_tokens shoul be stored?
Thanks in advance
You could implement it either ways, both have their pros and cons.
send the refresh token as a JWT with longer expiry date.
can't revoke the refresh token when needed
do not need a DB to store the token
send as a random token and store it in DB and associate with user and client.
you can revoke the refresh token whenever you want
you will require a DB to store the token
I am using Oauth to access Google Cloud Storage via their JSON API.
All is fine, I authenticate and get an access token which has an expiration of 3600.
What is the correct way to refresh this?
It is my understanding that in other types of oAuth flows (i.e. Web Server), the initial authorization request returns a refresh token as well as an access token, and that the refresh token is used to ask for another access token when the current access token has expired.
But is appears that there is no refresh token when doing server-to-server oAuth with a Google "Service Account"?
Found the answer.
https://developers.google.com/accounts/docs/OAuth2ServiceAccount#expiration
Access tokens issued by the Google OAuth 2.0 Authorization Server
expire one hour after they are issued. When an access token expires,
then the application should generate another JWT, sign it, and request
another access token.