Questions tagged [oauth-refresh-token]
16 questions
2
votes
0 answers
How to implement refresh token in django-oauth-toolkit? I'm able to get access_token but the refresh token isn't coming with it
I'm using django-oauth-toolkit with djangorestframework where our partner user will register their application and get application credentials (client id and client secret) which then used to get access token that can be used further to get our…
Shishir Subedi
- 609
- 3
- 10
1
vote
1 answer
Linkedin API : No refresh token with accessToken
When i use the Linkedin API to get access token, it only works halfway. According to the documentation, I'm supposed to receive :
access_token
expires_in
refresh_token
refresh_token_expires_in
scope.
But i only receive access_token, expires_in and…
Cylecq
- 13
- 3
1
vote
0 answers
Better approach to use refresh token rotation and reuse detection with Amazon Cognito
With our team, we are thinking about how to implement the refresh token rotation and reuse detection strategies in our authentication layer.
We want to use cognito for user authentication but we are dealing with how to apply those strategies to…
Chacky Dev
- 61
- 3
0
votes
0 answers
How do I invalidate a refresh jwt on logout? - Nodejs and Reactjs
I'm trying to implement refresh token rotation in my project. From my understanding, I'm supposed to create a refresh token and a short-lived access token. When the access token expires, I validate the refresh token before returning a new access and…
Jia Huang
- 77
- 4
0
votes
0 answers
Google Service Account: Unexpected error refreshing access token
I am trying to create a java class for Event Creation using google service account with downloaded json credentials. I have given the Owner permission to the generated gmail id for authentication and have added Calendar Scopes as well.
Error…
0
votes
0 answers
OAuth2 Via GitHub Api - Refresh Token missing
I am using .NET 6 - AddOAuth() method to configure the authorization code flow. After the authentication via token endpoint, I received access token but refresh token is missing.
As per Github's article, to enable refresh token we have to use…
subi_speedrunner
- 901
- 3
- 9
- 17
0
votes
0 answers
If you implement refresh token rotation, isn't better to keep track of current user token than blacklisting used ones?
I don't see a point in which you would with implemented refresh token rotation blacklisted tokens instead of keeping track of current ones.
If you are blacklisting tokens, you would get a lot of tokens blacklisted very fast. Let's assume your access…
Fran Turkovic
- 97
- 11
0
votes
0 answers
How to detect stolen refresh token in refresh token rotation?
I managed to implement authentication with jwt tokens based on access token, refresh token and RTR (refresh token rotation). It simply follows all the rules:
Tokens are signed JWT-s with both having their own secret (one for access, one for…
Fran Turkovic
- 97
- 11
0
votes
1 answer
Spotify api returning invalid refresh token even though the refresh token is new
I'm trying to get new access token from spotify by sending the refresh token to spotify token endpoints but it's returning this {error: 'invalid_grant', error_description: 'Invalid refresh token'}
this is my code:
const basic = Buffer.from(
…
owl Hld
- 23
- 5
0
votes
0 answers
How to get refresh token in google
I'm getting an access token and that access token expiry time is 1 hour but after few event creation access token getting expired that's why i want's to store refresh token and using refresh token i can re-generate new access token but i'm unable to…
0
votes
1 answer
Refresh token in Desktop App for OAuth2 Authorization Code Flow
I want to use API in my .net WinForms application which are closed by JWT token. Such tokens can be received from the Identity Provider using Authorization Code Flow + PKCE. I worked with such flow before in Web Application and I know how to request…
SlavaHq
- 23
- 3
0
votes
1 answer
Unable to retrieve refresh_token via hybrid oauth2 flow
I am using the OAuth2 hybrid flow to authenticate my application. The initial authentication goes perfectly for 100%.
When I request CodeIdTokenToken I am only getting the code, IdToken and Token (as I requested). But I also want the initial…
Erwin
- 1,484
- 1
- 18
- 32
0
votes
0 answers
Flutter google_sign_in library does not returning refresh token
We are managing the user's Google calendar using google calendar APIs in the server. So we are getting the user's Google access token using the flutter google_sign_in library.
_googleSignIn.signIn().then((result) {
…
Dhevendhiran M
- 994
- 2
- 12
- 29
0
votes
1 answer
Refresh TOKEN and PKCE extension
I am using the asgardeo library for Tomcat and reading the documentation I cannot find how to request a new AccessToken because the previous one has expired and I was wondering if it is possible to use the PKCE extension in the calls
0
votes
1 answer
What is the security risk of having longer Refresh token in Authorization server?
We have a client application is interacting with application with oauth authentication. We dont want to authenticate the user every time when the refresh token expires .So , we thought that we can keep refresh token expiration time until 1 year.…
Ram Sure
- 63
- 1
- 5