3

I am using the Caspio REST API to authenticate my users in a mobile app. Upon authenticating, I was given an access token, which I included in my AJAX call under the parameter 'Authorization' : Bearer [access token].

I understand that I can renew the token with the refresh token given to me where I can use the POST call.

My question is: prior to using the POST call for a new token, must I store the access token?

Also, the Caspio website advised this format for the POST call:

Method: POST
URL:    Token Endpoint
Body:   grant_type=refresh_token&refresh_token= [token value]
Header parameters:
Authorization: Basic [string "Client_ID:Client_Secret" encoded in Base64]
Content-Type: application/x-www-form-urlencoded

Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.

Thank you for the help!

notapro

1 Answer

0

I have never used the Caspio REST API before. This answer is based on my OAuth experience.

> My question is: prior to using the POST call for a new token, must I store the access token?

YES! OAuth 2.0 uses the access token to switch the refresh token the first time.

> Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.

According to the API documentation, you should include the client ID and client secret in your request, like most OAuth 2.0 implementations do.

For the bad request (400) error, you may see RFC 6749 to find further information.

Wilhelm Liao
  • Thank you for the help! If you don't mind me asking how do I store the access token? Can I simply make a variable access_token = [access token] and then have that included in my post call? – notapro Feb 21 '18 at 23:15
  • I think you don't make a new variable, just put the access_token you got in the parameter **refresh_token**. – Wilhelm Liao Feb 21 '18 at 23:20
  • Their website advised to put the refresh token value in the refresh token parameter. – notapro Feb 21 '18 at 23:57
  • If so, I cannot help you. :( In my experience, refreshing a token mostly means putting the access token in the refresh_token parameter on the first request (you haven't got a refresh token before that). Once you have a refresh token, you must put your refresh token in the refresh_token parameter to renew the token. – Wilhelm Liao Feb 22 '18 at 00:05
  • No worries! I really appreciate the help! :) – notapro Feb 22 '18 at 00:07
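The refresh request in the format quoted in the question, together with a way to keep both tokens from each token response. This is an added example, not part of the original thread and not Caspio's code; the function names, the `store` object and the sample credentials are assumptions made up for illustration, and the response field names are the ones defined in RFC 6749.

```javascript
// Added example. A client secret shipped inside a mobile app can be extracted
// from the app; where possible, run this exchange on a server you control.

function basicAuthHeader(clientId, clientSecret) {
  const raw = `${clientId}:${clientSecret}`;
  // btoa exists in browsers/WebViews and recent Node; Buffer is the Node fallback.
  const b64 = typeof btoa === 'function'
    ? btoa(raw)
    : Buffer.from(raw, 'utf8').toString('base64');
  return `Basic ${b64}`;
}

// Build the POST described in the question: credentials go in the
// Authorization header, the refresh token goes in the form-encoded body.
function buildRefreshRequest(tokenEndpoint, clientId, clientSecret, refreshToken) {
  // URLSearchParams percent-encodes the value and adds no stray whitespace.
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken.trim(),
  }).toString();
  return {
    url: tokenEndpoint,
    method: 'POST',
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body,
  };
}

// Keep the tokens from a token response (RFC 6749 section 5.1 field names).
function storeTokens(store, response, nowMs) {
  store.accessToken = response.access_token;
  // A refresh response may omit refresh_token; keep the previous one then.
  if (response.refresh_token) store.refreshToken = response.refresh_token;
  // expires_in is in seconds and is optional in the RFC.
  store.expiresAt = response.expires_in ? nowMs + response.expires_in * 1000 : Infinity;
  return store;
}

// True when there is no access token or it expires within skewMs.
function needsRefresh(store, nowMs, skewMs = 30000) {
  return !store.accessToken || nowMs >= store.expiresAt - skewMs;
}
```

The returned object can be handed to `fetch(req.url, req)` or mapped onto the options of an AJAX call.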