I use this script:
https://developers.google.com/youtube/v3/code_samples/php#resumable_uploads
to upload videos to youtube. Everything works fine, but next day I have error:
An client error occurred: The OAuth 2.0 access token has expired, and a refresh token is not available. Refresh tokens are not returned for responses that were auto-approved.
I looked at some tips on how to fix this but I did not succeed. I am new to programming. Please help me fix this error.
You need to set the access type to offline which allows you to refresh the access token so you can authenticate the app without the user having to give authorization again.
Check the docs.
I can't test this now, but try the following. This isn't ideal though, you should be persisting the token somewhere.
// After "$client->setRedirectUri($redirect);" add:
$client->setAccessType('offline');
// After "$client->setAccessToken($_SESSION['token']);" add:
if ($client->isAccessTokenExpired()) {
$currentTokenData = json_decode($_SESSION['token']);
if (isset($currentTokenData->refresh_token)) {
$client->refreshToken($currentTokenData->refresh_token);
}
}
Related
I'm using the AppleAuth npm package in my server to submit token requests to Apple's servers during the sign in with Apple process. (This is based off the sample server code provided with the sign_in_with_apple package in pub.dev) I have no issues submitting the authorization code to get my first access and refresh tokens.
However, when trying to test how my app would get a new refresh token, when I submit a POST request to https://appleid.apple.com/auth/token with the grant_type set to refresh_token the response I get is different than from having the grant_type set to authorization_code.
I looked at the source code of the package, and for its AppleAuth(myConfig).refreshToken(myRefreshToken) (<- pseudo code lol) the only difference in the POST payload is:
{
grant_type: 'refresh_token', // instead of grant_type: 'authorization_code'
refresh_token: refreshToken, // instead of code: authorizationCode
... // other params
}
While the initial request with authorization code returns both an access token and a refresh token, for some reason the refresh token request is only returning the access token. I really don't think it's the package causing the error, nor can I see how my code would be the source either, since the above code is the only difference.
I tried passing the access token that it returns in a new refresh token request in order to test that I can get new refresh tokens whenever necessary in the future, but it returns a 400 status error.
Am I missing something here? Is there a reason the refresh token request returns no new refresh token? Or am I missing something entirely about how the process/flow is supposed to work? I am trying to do this for the "check the refresh token once daily to confirm the user is still in good standing with Apple's servers" part of the process.
I've really been stuck on what to do at this point. I can save the identity_token.sub field in my database to check whether my user is signed in, but of course I want to make sure my user's apple ID is still valid with apple, and that they haven't revoked access. Could it be that because I tried to get a new refresh_token too soon Apple only returned the access_token?
Oh also, the app itself is a Flutter app and I am testing all of this on my iPhone 11 so it's not an Android/Web flow.
Whether you get a new 'rolling / rotating' refresh token in a refresh token grant response is generally vendor specific:
You may get a new refresh token occasionally but not always
The primary purpose of this message is to get a new access token, not a new refresh token
In terms of token handling, the client should update its tokens similarly to the saveTokens method in this sample of mine.
I've not used Sign In with Apple but I suspect proceeding as follows would be the simplest solution:
Keep access tokens short lived: no more than 60 minutes
This forces a frequent token refresh, which by default is very quick
If the user's Apple Id is revoked I would expect this to return an invalid_grant response
I develop an app that should run on server, when the app is loading its being automatically signing in and works fine.
however after an hour when the token is expired i can't use the app again,
it works via http get, and so i get a error response token expired.
I need to add to the Get function condition that checked if token is expired if so to request for refresh token,
however when im trying to do so i get the error
AADSTS9002313: Invalid request. Request is malformed or invalid
i tried to reproduce it via postman and the same error occur, can you guys please tell me what i am doing wrong?
post https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id : value
client_secret: value
grant_type : refresh_token
refresh_token: the current access token i saved when app was initiated
*i also have resource but when i add it i get an error that it is not supported so i deleted it.
thanks.
I was able to resolve it by checking manually the expired flag and if expired to create new connection to the request.
I have a hobby project in mind to use battle.net login. I'm wondering how I can obtain the access token from the API after receiving the authorization code.
This is Oauth flow question rather than a battle.net question.
Currently I can successfully authorize the user for my app which is registered in dev.battle.net and then I try to use the authorization code returned from the battle.net login to obtain the access token by sending a request to https://<region>.battle.net/oauth/token.
However I keep receiving this error:
{
"error": "unauthorized",
"error_description": "An Authentication object was not found in the SecurityContext"
}
I use postman extension to send post requests to that uri. I authenticate my request with my client id and secret. I pass redirect_uri (https://localhost), granty_type (authorization_code), code(the code returned from the previous authorization step). However I keep getting the error above.
I couldn't find much about battle.net online. There are other oauth related help articles but couldn't really find my way.
Wondering if you can help me with this easy stuff. I'm just wondering what I'm skipping here.
Here is the documentation:
https://dev.battle.net/docs/read/oauth
https://localhost is added in my mashery dev account's app settings.
Me again, I resolved this problem after trying almost every combination in the universe:)
Steps to apply:
Don't use the same authorization token for different access token trials, they are not valid
Always use https on every domain you test including localhost, you
redirect_uri must be https as well.
You must use the "basic authentication" in the header of your POST request while requesting the token from the authorization code you obtained from the previous step.
This is one of the most important ones: For requesting token, Pass redirect_uri, client key and secret as POST form parameters to the authenticated request. This is interesting because it's already an authenticated request; why would i need to pass my secret again? Anyways, that's how it works.
Here are the full text:
http://hakanu.net/oauth/2017/01/26/complete-guide-of-battle-net-oauth-api-and-login-button/
This is working prototype:
https://owmatch.me
Thanks.
I'm trying to integrate Future Payments in my iOS using Ruby SDK on server. According to instructions at https://developer.paypal.com/docs/integration/mobile/make-future-payment/ I follow the following procedure:
I receive OAuth2 token from mobile client.
I use FuturePayment.exch_token(oauth2_code) to exchange it for refresh and access token.
I expect a response similar to what's mentioned in https://github.com/paypal/PayPal-iOS-SDK/blob/master/docs/future_payments_server.md
But I receive just a string which is similar to access token. This is what I got in one of the calls: A015IvJ2HjzJgSI-Qve0VXT3LNKEi67KBGplwkGEptj3DCg
I tried using this token immediately to create a FuturePayment object and I succeeded eventually. But the problem is, since I dont get a refresh token, how would I be able to process/create FuturePayments for the same account in later future?
This looks like a bug in ruby SDK. Please open an issue on github.
Until fix is released, you can make future payment calls.
Exchange authorization code with Tokeninfo object that has both refresh token and access token by calling create_from_authorization_code(). Use create_from_refresh_token() if you have a refresh token and want to retrieve an access token with it: https://github.com/paypal/sdk-core-ruby/blob/master/lib/paypal-sdk/core/openid_connect.rb#L60
I had used my php AP for uploading youtube videos for 2 days,
All worked just fine.
But yesterday and today, I get this error when trying to upload videos to my youtube account.
yt:authentication Unknown
I am using OAuth2, all clientid , key, secret are correct
Any help ?
Whenever running into OAuth 2 weirdness, the first step I'd recommend is invalidating your existing grant from https://accounts.google.com/IssuedAuthSubTokens, and then going through the OAuth 2 approval flow again from scratch.
I have been using the PHP client library for the Google API and was having this same problem. In the v3 documentation, I couldn't find anything relating to a browser-based YouTube upload so I've ended up using the v3 API for some things (video and playlist retrieval, authentication etc.) but I'm still using the v2 method for browser-based uploading. All of this was working fine then suddenly stopped working. Jeff's suggestion of revoking the token does indeed work but the problem would just come back later.
What I had to do was check if the user's token had expired. Note that the YouTube token currently seems to expire after 60 minutes. If the token has expired, you need to make sure the user goes through the authentication process again. A quick example:
// $client is your previously authenticated instance of Google_Client
if ($client->isAccessTokenExpired())
{
// Redirect to your page which outputs $client->createAuthUrl() for them to authenticate again
}
It's probably worthwhile noting that $client->getAccessToken() still evaluates to true in conditionals even with an expired token.