I created docusign jwt access token for my application manually/php sdk with consent and used that access token in the code for restapi. Expiry of access token is 1 hr. How to renew the DocuSign jwt access token without asking consent again and again? Or how to prolong the expiry of access token?
You call request_jwt_user_token again and get the token from the response. You dont need to request consent again. Have a look at the recommended best practices here
Related
I understand that i can fetch web services client token through the url
https://www.yourmoodle.com/login/token.php?username=USERNAME&password=PASSWORD&service=SERVICESHORTNAME
and it works. I am getting a token and private token.
but i do not see a refreshtoken url. I can see the expiry date through moodle admin account.
Does anyone how to refresh moodle token?
what is the use of private token?
Thanks
It looks like there's no inbuilt functionality to refresh a token like the OAuth 2 spec. You would need to call the login/token.php again if your API call fails.
Unfortunately the login/token.php file only returns the token and may return the private token (Private token, only transmitted to https sites and non-admin users.). From the client's perspective there's no way to know when the token will expire.
References:
https://github.com/moodle/moodle/blob/master/login/token.php
https://github.com/moodle/moodle/blob/master/lib/externallib.php#L1034
I have a mobile application talking to a backend. I am providing login to the app through LinkedIn. I checked the linkedIn api for oauth authentication and have followed the steps as given in this link
Oauth LinkedIn.
I am able to obtain the request token as per step 3. Now i am sending this request to my backend. In the backend i want to make sure that this request token is valid and has not expired.
How do i achieve this ? In FB authentication, they have provided an end point to which i post the access token (https://graph.facebook.com/app?access_token=)and it gives the expiry time, validity of token etc.
How do we do this with LinkedIn api, i searched their documentation, but no luck. Any help will be appreciated.
Thanks
There's no separate API that LinkedIn provides to inspect the token. However you do get a hint about the token expiry back in the response from the token endpoint when exchanging the code for an access_token in the expires_in parameter, e.g.:
{"access_token":"<>","expires_in":5183999}
which tells you that it is valid for 60 days. You could store that information together with the access token.
You can use "Token Introspection" endpoint to check the validity of your access token at any time.
https://learn.microsoft.com/en-us/linkedin/shared/authentication/token-introspection. Use Refresh token to refresh it before it expires.
I'm building an app that requires a Facebook Authentication Token.
Google'ing it I end up on https://developers.facebook.com/docs/facebook-login/access-tokens
This names the following tokens:
User Access Token
App Access Token
Page Access Token
Client Token
Are any of these a Facebook Authentication Token?
If not, how do you get one?
I ended up using this tool here:
https://smashballoon.com/custom-facebook-feed/access-token/
developing a mobile app using angularjs, node.js, mongodb, passportjs, express... Im implementing the bearer strategy with the bearer tokens.
I would like to know, when a user is using the app(immediately after the user is logged the access token is created),but I would like to understand when the API must to refresh it or when the access token must to expire.
Refresh token is used when access token expires. It's up to you when you expire the access token, but usually the lifetime of an access token is one hour. When the access token expires, the refresh token can be used to obtain a new access token. For more information, please refer to the OAuth 2.0 RFC.
Refresh token:
Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope (access tokens may have a shorter lifetime and fewer permissions than authorized by the resource owner).
Expiration:
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.
Is it possible to renew the long-term oauth token for facebook before it expires, and if so, how is that accomplished? So far it seems facebook will only give back the old token with the same expiration date.
Edit: using server-side authentication, and not finding in the docs specific info on how to request a new short lived token and exchange it for a long-term token using server-side workflow.
https://developers.facebook.com/docs/authentication/server-side/
how is that accomplished?
By getting a new short-lived user access token first, and then sending it to the endpoint for extension.