I need a help to make a decision related to integrating Microsoft Graph API to integrate office 365 Calendar, that can be accessed at any time.
So for this, I am going to follow the approach to store the Refresh_Token so that whenever I need to access calendar of users I can generate token using this refresh token.
Is it the correct approach to access an user calendar at anytime?
Pls share your views here.
Is it the correct approach to access an user calendar at anytime?
Yes, you are right. And we should refresh the accesstoken using the refresh token before it is expired.
Access tokens are short lived, and you must refresh them after they expire to continue accessing resources. You can do so by submitting another POST request to the /token endpoint, this time providing the refresh_token instead of the code.
For more detail, we can refer to this document
Related
I'm making a function to post to google my business automatically by using Google my business API by javascript and firebase. The access token is obtained by authentication using Google Sign In.
However, the access token has an expiration date, so I have to renew it using a refresh token.
Can I use the "user.refreshToken" shown in the image below as the refresh token to be used in this case?
Thanks in advance.Data retrieved upon sign-in
Yes, you are right. In general, the refresh token in an OAuth2.0 flow can be used to retrieve a new access token, which can then be used again to access resources. The refresh token normally has a much longer expiration date than the access token hence you can implement functionality like "remember me" using the refresh token.
I am going to be writing an app that uses the Google calendar API to pull data from a user's personal calendar, and I was wondering if there was a way to do this as like a one time thing, i.e. they will authorize access to their calendar and the user won't have to do that again and the app will keep getting to use the calendar. Thank you!
You should use a refresh token. When authorizing, you can obtain a refresh token along with it. Your refresh token can be used to obtain new access tokens for accessing calendar in this case. The refresh token does not expire and can be kept for future use.
Why not use just one for everything? Refresh token doesn't change by default, so why bother to get an access token every hour? API: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Server_Side_Web_Applications_Flow
They choose that the given access does not last forever: So you need to get a new access token once it has expired.
The purpose of the refresh token is that you have to ask the user for permission only one time.
Here's a good discussion on the topic.
When you get a refresh token, you also need the client ID and secret. With an access token, you can make API calls using just that. A lot of this comes form learnings from OAuth 1.x, which had a much more complex signing protocol - it just caused lots of bugs and problems with client/server protocol mismatch. Using only an access token made API calls, the most important part of OAuth, much easier to implement and maintain.
I am using Scribe to access the LinkedIn API. I am saving the Access Token along with the Access Token Secret in the database and use them every time I call the API.
The Access Token is supposed to expire 60 days after it has been generated.
I would like to automatically refresh the access token before it expires. I couldn't find a way to do it programatically without the user intervention.
You are not supposed to be able to refresh the access token without the user's intervention. The system was designed this way in order to protect the user's data from being accessed indefinitely.
Linkedin wants to ensure that you cannot access the user's data unless they are actively using your application. To me, if a user doesn't visit your application within 60 days, it means that they aren't using it, and you should not be able to access that data.
I hope this helps.
#params={:"oauth_token"=>"XXXXXXXXXXX",
:oauth_token_secret=>"XXXXXXXXXXX",
:oauth_expires_in=>"5184000"}
I need to download my Delicious bookmarks to a non-web application without constant user interaction. I'm using Delicious's V2 API (using oAuth) but the problem is it seems their access tokens expire after one hour.
I don't have any issues with redirecting the user to Yahoo for a one time authorization, but what is described here (http://developer.yahoo.com/oauth/guide/oauth-refreshaccesstoken.html) means I would have to refresh my access tokens all the time before they expire when the user is away.
Is this really the way they've done their oAuth implementation?
You only need to refresh the access token when they come to use the application again, not while they're away. You can pass the previously expired token and get a new one in return.
Is that a problem? You should only need to make an additional server-side call to refresh the access token if it expires (as long as the authorization itself has not expired, which should last longer, and would need user interaction when it expired).