How to call an OAuth API once I have the access_token & refresh_token

Question

Ok, geesh, I am really having a hard time getting a full understanding of this Oauth stuff. I am making brutally slow process.

Now, I have the access_token and the refresh_token and the id_token:

{
    "access_token":"SlAV32hkKG"
    "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
    "token_type":"Bearer",
    "refresh_token":"76c5cdeecfd1543cfd4c3e7c054780ac",
    "expires_in": 3600
}

Next, I just need to use the above to make the final, actual API call. PLEASE believe me when I say that I have looked, but I am NOT finding a nice, simple, clean code example of how to make this call in a C# .NET app.

The API I am trying to consume does have their own documentation, and this is all they said about this step:

4. Make API Requests

Now that your application has a valid access token it can now use that token to make authenticated requests to PDK APIs. This is done by simply including the access token in the Bearer type Authorization header of your requests.The Authorization header should look similar to:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...GmUdC2H13YMCwc30Z3l5RCrbwQ

Which is less than helpful from a code writing standpoint. Are they saying that when I make the final (actual) API call that I do so with no actual authentication, but with the access_token included as a normal header? And if so, what is the name (key) of the header? And is Authorization: Bearer it's own header too?

This thread HAS been very helpful, but I'm still having trouble translating his examples into what I'm trying to do.

And because this will be an off-line app, I also need to somehow include the `resresh_token'.

I know that the protocol here on SO is to provide code that we've already tried and ask for suggestions on how to fix it. And normally that's what I do. But honestly, I'm lost here.

Thank you in advance!

Yes, you add it as a header. The `key` is `Authorization` and the `value` is `Bearer your_key_goes_here`. — Equalsk, Aug 29 '17 at 15:59
irrelevant to this question - i like your bio :) I like pizza. And mobile development. And .NET. Please send Pizza. HaHaHaHaHa :) — Ankit, Aug 29 '17 at 17:05

ザヘド · Accepted Answer · 2017-08-30T04:41:09.423

1

You'll need to set the authorization header using the access_token. Here is an example:

var myUri = new Uri(fullpath);
var request = WebRequest.Create(myUri);
var httpRequest = (HttpWebRequest)request;
httpRequest.PreAuthenticate = true;
httpRequest.Headers.Add("Authorization", "Bearer " + access_token);
httpRequest.Accept = "application/json";

var webResponse = request.GetResponse();
var responseStream = webResponse.GetResponseStream();
if (responseStream == null) return null;
var reader = new StreamReader(responseStream, Encoding.Default);
var result = reader.ReadToEnd();
responseStream.Close();
webResponse.Close();

edited Aug 30 '17 at 04:41

answered Aug 29 '17 at 16:14

ザヘド

614
1
6
17

when the `access_token` expires, you can use the `refresh_token` to get a new `access_token` – ザヘド Aug 29 '17 at 16:19
so is this how the actual call is made? var json = httpRequest.GetResponse(); – Casey Crookston Aug 29 '17 at 20:26

How to call an OAuth API once I have the access_token & refresh_token

1 Answers1