Develop Reference

Not able to get access token from refresh token

i am getting this error while requesting for a new token from a refresh token in graph API.
can any i suggest please.
Thanks

It seems like you are forgetting to pass the grant_type, which tells the token service what it should be doing.
You should pass: grant_type=refresh_token
This information can be found in our documentation: Refreshing the access tokens
// Line breaks for legibility only
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=refresh_token
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps

Unable to make a POST request to OAuth endpoint

I tried to perform this request but I get errors:
1. { "error": "invalid_client", "error_description": "The OAuth client was not found." }
After I request it again:
2. 405. That’s an error.
The request method omPOST is inappropriate for the URL /oauth2/v4/token. That’s all we know.
Details:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-length: 208
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground
client_secret=MYSECRET&grant_type=refresh_token&refresh_token=MYTOKEN&client_id=MYCLIENTID
EDIT:
I was sending the request to an invalid endpoint, making it unavaiable for me to receive the expected data. I was able to fix it by following the steps in the google docs: https://developers.google.com/identity/protocols/OAuth2WebServer

The error indicates your client ID is wrong. Please make sure it's the client ID from the Google API console (console.developers.google.com) and it matches the Client Secret. The refresh token should also be one issued to the original client ID.

How to get new access token in OpenID Connect/OAuth2 Implicit Flow

I am currently using OpenID Connect/Oauth2 Implicit Flow in a mobile app. I am bringing up a Web View for the user to login and obtaining the access token and expiry. However, when the access token expires, do I need to ask the user to log in again? Or is there a way to get a new access token silently using the current one, without bugging the user. I guess another option is to set the token expiry to be a really long time, but I have read that this is a bad idea.
Am I missing something here?

Since Implicit flow does not send a refresh token (as explained in section 9 of RFC6746), usage of refresh tokens is not possible. But as a workaround one can use client credential grant to obtain an access token.
A viable solution is to first follow the implicit flow and authenticate the client. Then client authentication grant can be used to do the required API calls.
Sample request (from RFC6749)
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
rant_type=client_credentials
Sample resposne (from RFC6749)
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"example",
"expires_in":3600,
"example_parameter":"example_value"
}
P.S -
If you are using authorization code flow, you can use refresh_token to get a new access token. How the request should be formed can be obtained from OAuth2 documentation. Note that to do so, your authorization response should contain a `refresh_token.
A refresh token should be protected as valuable as a credential for a user. More can be read from keycloak documentation from here
Sample request and a response (from RFC6749)
Request
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA
Response
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "TlBN45jURg",
"token_type": "Bearer",
"refresh_token": "9yNOxJtZa5",
"expires_in": 3600
}

The recommended way is to use an external browser and the Authorization Code Flow. Check the OAuth 2.0 for Native Apps RFC. For Android, there is also a supporting library AppAuth. With this flow, you can use a refresh token to get a new access token, but there is an issue with a client secret (usually needed for accessing /token endpoint), because you cannot keep it safe in a mobile app (it's described in the RFC).
If you decide to stick with the WebView and the Implicit Flow, which is not safe (your app can see the password) you could use the same technique as in JavaScript applications - request a new token with /auth?...&prompt=none URL which will return a new token without asking the user for credentials if he still has an open session there.

OAuth 2.0 Access Token Request using Google OAuth Playground

I'm trying to exchange an OAuth 2.0 Authorization Code for an Access Token using Google's OAuth Playground tool. So, I get to step 2 and there it shows the HTTP POST request it will be sending out to MY_SERVER (I obfuscated the exact IP address for security reasons).
To me this looks correct and if I use a POST tool with exactly this request, it does arrive on my server. Launching it from the Playground, it doesn't arrive on my web server (nothing in the logs).
Does anybody have an idea what might be going wrong?
THIS POST
POST /tb/html/token/ HTTP/1.1
Host: MY_SERVER.COM
Content-length: 170
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground
code=Splxl0576dGF6567gFG&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=jarne&scope=&client_secret=some_secret&grant_type=authorization_code
RESULTS IN
HTTP/1.1 400 Bad Request
Content-length: 105
Content-type: text/plain
An error occured while connecting to the server: Unable to fetch URL: http://MY_SERVER.COM/tb/html/token/

YouTube Analytics API 400 Bad Request

I was trying to fetch YouTube analytics data and to get the access token for the same. I have followed the procedure given https://developers.google.com/youtube/analytics/authentication. We got the code but when i have tried to use POST request to get access token,i got the 400 bad request.Please help.
My Post request:
POST /o/oauth2/token HTTP/1.1 //Post Rquest
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=4/M7LjucbJDYrZCMiqymuKCmbGxvJk...&
client_id=8465043....apps.googleusercontent.com&
client_secret=8gn6f7K...&
redirect_uri=https://qsmi.qualcomm.com/oauth2callback&
grant_type=authorization_code
response_type=4/M7LjucbJDYrZCMiqymuKCmbGxvJk...
One more thing do we have to ask for whitelisting of app or i am missing anything. Please help !!!

You do not need whitelisting for using Analytics API.
You don't need "response_type" in your POST request as described under #4 in
https://developers.google.com/youtube/analytics/authentication#OAuth2_Flows
Please try omitting that.
But before that, you need do the step 1 first to grant access offline.
Example:
`https://accounts.google.com/o/oauth2/auth?
client_id=1084945748469-eg34imk572gdhu83gj5p0an9fut6urp5.apps.googleusercontent.com&
redirect_uri=http://localhost/oauth2callback&
scope=https://www.googleapis.com/auth/yt-analytics.readonly&
response_type=code&
access_type=offline`