I have a problem with GoogleAuthUtil .
In first getToken i receive a AccessToken
and when AccessToken has expired time , getToken recive a RefreshToken .
How get a AccessToken from RefrestToken ?
Thaks so much
Basically, GoogleAuthUtil is used for getting an access token for an account which is on a device. So there's no way for GoogleAuthUtil to exchange for an access token given a refresh token.
Related
I'm trying to implement a refresh token concept on my website.
if I understand correctly the refresh token should be a unique identifier for a user to get a new token (the token is valid for 15min only).
I'm using customId package to generate a refresh token for each user on login.
when the token expires. I send a request to an endpoint to generate a new token based on the refresh_token provided for each user.
I'm using nuxt auth module.
try {
const tokenUser = await User.findOne({
refresh: req.body.refresh_token
})
// console.log(tokenUser)
const newToken = await jwtr.sign({
iu: tokenUser._id.toString()
},
'SUPERSECERT', {
expiresIn: '5000' // Testing
}
);
return res.json({
token: newToken
});
} catch (e) {
return res.status(401).send('unauthorized');
}
Am I doing this correctly ? or should I store a newly created jwt token in refresh_token instead of a random unique string? Or did i miss something about the refresh tokens?
This implementation is ok, though you may think of using something which is called a "rolling refresh token". Every time you use the refresh token to get a new access token, you also generate a new refresh token and return both to the client. From now on it should be only possible to get a new access token using the new refresh token. It gives you a bit more security in case someone manages to steal a refresh token.
Nevertheless, you should always expire your refresh tokens at some point (e.g. after a few hours). This will help you ensure that even if someone finds an old refresh token, they will not be able to use it. Once the refresh token expires you should ask the user to log in again.
With Flutter, I am able to login with Facebook, and later I want to get the FacebookAccessToken because it is needed to correctly get the user photoURL.
Is there a way to get the token from FirebaseAuth? Or I must store this value in my code?
Login part, we have the access token:
FacebookLoginResult result = await new FacebookLogin().logIn(['email', 'public_profile']);
...
FacebookAccessToken accessToken = result.accessToken;
Now, let's say in another Widget, we want to get the user photoURL
final auth = FirebaseAuth.instance;
String url = auth.currentUser.photoURL;
This url must be appended with ?accessToken=<access_token> retrieved during the first step. There is a bug created. But for now, can we directly get it from FirebaseAuth?
The Facebook access token is available from the auth result immediately after the user signs in from the FacebookAuthCredential object as result.credential.accessToken. It is not available from the current user, so if you don't capture immediately after sign-in there's no way to find it later without going back to the Facebook SDK.
Also see:
Can I get a facebook access token from firebase.auth().currentUser?
How to get provider access token in Firebase functions?
Get Facebook/Google access token on Firebase Auth#onAuthStateChanged?
I have a JWT token via initial login that is set to expire in 60mins. I want to renew this token so that the user is not logged out.
For this, am using the AcquireTokenAsync call withing that 60mins window using the UserAssertion
public static async Task RenewToken(string resourceUri)
{
var authContext = new AuthenticationContext(Authority);
var authHeader = HttpContext.Current.Request.Headers["Authorization"];
var userAccessToken = authHeader.Substring(authHeader.LastIndexOf(' ')).Trim();
var userAssertion = new UserAssertion(userAccessToken);
// keeps returning the same access token with same expiry
var authResult = await authContext.AcquireTokenAsync(resourceUri, ClientId, userAssertion);
var userInfo = authResult.UserInfo;
var apiAccessToken = authResult.AccessToken;
var expiry = authResult.ExpiresOn.UtcDateTime.ToString("u");
}
Is it that the above call with an existing JWT token can be used only once the token is expired?
Any inputs appreciated.
According to your code seems you want to refresh token on web api(service) side, on service side you shouldn't renew access tokens. The client app should do that operation.
With ADAL, your app will get the access and refresh token the first time an end user logs in, then you can use refresh token to get new access token silently (AcquireTokenSilentAsync) when the access token expires and a refresh token is available & valid.
Access tokens can be refreshed using the refresh-token for a maximum period of time of 90 days with a 14 day expiration sliding window from the date that the access token was acquired by prompting the user.
Checkout our code sample implementing this scenario for more help. If i misunderstand your scenario , please feel free to let me know .
On client side i call FB.login and get response:
accessToken
expiresIn
signedRequest
userID
how i can check that is data is correct data, not fabricated ?
I would like to understand why i get "The requested URL responded with HTTP code 401." when i try to put a description whith an access token.
The weird think is it works fine when i do that just after getting the access_token (session) from the user, but when i store the token, and try to launch the same code later, it fail !
Apparantly, there is a problem with the token, because i can access the soundcloud description without token, but if i use this method: $soundcloud->setAccessToken($token); before getting the tracks datas, i can't access them anymore...
Here is the code:
require_once 'soundcloud/Soundcloud.php';
$soundcloud = new Services_Soundcloud(SOUNDCLOUD_CLIENT_ID, SOUNDCLOUD_CLIENT_SECRET, SOUNDCLOUD_REDIRECT_URI);
$soundcloud->setAccessToken($session_token);
try
{
$track = json_decode($soundcloud->get('tracks/'.$media_id), true);
}
catch (Services_Soundcloud_Invalid_Http_Response_Code_Exception $e)
{
exit($e->getMessage());
}
try
{
$response = json_decode($soundcloud->put(
'tracks/'.$media_id,
'test',
array(CURLOPT_HTTPHEADER => array('Content-Type: application/xml'))), true);
}
catch (Services_Soundcloud_Invalid_Http_Response_Code_Exception $e)
{
exit($e->getMessage());
}
This code works when i just get the token but fail if i launch it a few days later...
Thanks for help !
Where is $session_token coming from in this example? Depending on how you generated the access token, one of two things are happening:
You are not sending the correct access token.
The access token you are sending has expired.
If it's 2, you should have gotten a refresh token when the user authorizes your app. The PHP SoundCloud SDK has a accessTokenRefresh() method that you can use in this scenario.
You need a non-expiring token.
When authorizing, the param scope defaults to "*".
Specify the scope and retrieve the token like this:
$soundcloud->getAuthorizeUrl(array('scope'=>'non-expiring'))
See: http://developers.soundcloud.com/docs/api/reference#connect
(Quite old question, but just ran into this myself. When the token is expired you don't get feedback from the API other then the 401 error, leaving you in the dark.)