I performed some tests with the API (by the way thanks a lot for that ;-)) and I struggle with the following issue: {'error': 'invalid_grant', 'error_description': "The 'code' provided was invalid."} If I run into the manual process to get the authorization code and try with the new one it's work but after test it's doesn't work again. Can you tell me the reasons that can expire this code? In the doc I only see about the token expiration. Is that because my app is in "Unpublished"? Thanks in advance.
You need to refresh the access token when the token is already expired (the token will be expired after 1 hour). For more details, please visit this blog post: https://quire.io/blog/p/Create-Your-Quire-App-with-Quire-API.html#refreshing-tokens
Related
I'm trying to get access token by calling https://www.googleapis.com/oauth2/v4/token with
grant_type: 'refresh_token',
client_id: GOOGLE_OAUTH_CLIENT_ID,
client_secret: GOOGLE_OAUTH_CLIENT_SECRET,
refresh_token: refreshToken
I'm sure the clientId/secret are correct.
Since for some refresh tokens - I do get access token, for others I do get notification that the token is revoked, but in some cases I'm getting a
error: '400 - {"error":"invalid_grant","error_description":"Bad Request"}'
Since for some cases I do receive success/token revoked, I assume it eliminates NTP issue.
Any ideas what else could be wrong and where to look?
It may be that you have an invalid access token. This could be due to many causes,such as the user's account has been deactivated since the token was created or token being revoked or expired, Ensure that you are always using the newest refresh token.
Time is critical with regards to tokens, Ensure that you are in with Google NTP server. If necessary, sync your time with Google NTP. Also an incorrect/ incomplete refresh token will also result in an invalid grant. In order to request a refresh token you must first have requested offline access. Access tokens work for one hour, however it is a good idea to refresh them when there is five minutes left to avoid any issues with clock stew.
Requesting an access token every time you need to access the api may also result in invalid grant, for flooding the auth server. Google has made changes if a user changes their password refresh token that grants access to some scopes will be revoked. Here is a StackOverflow answer and a blog post that I found which explain some of the reasons this error can occur.
Also you may try changing from the https://www.googleapis.com/oauth2/v4/token URI to https://oauth2.googleapis.com/token. The previous URI should continue to work, but the later URI is the new default. See this github
I was creating an application to enable user to sign in with their Microsoft Account. But after the submission of email and password, it displays this error message "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token". What is the problem? Here is the link to my GitHub project: https://github.com/JadyVella/OAuth2-with-MSAL
Based on the AADSTS54005: OAuth2 Authorization code was already redeemed Error code.
If your app reuses authorization codes to get tokens for multiple resources, its recommended that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once, but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error.
For more information about refresh tokens, see Refreshing the access tokens . If using ADAL or MSAL, this is handled for you by the library - replace the second instance of 'AcquireTokenByAuthorizationCodeAsync' with 'AcquireTokenSilentAsync'.
Note : If the issue is not resolved from above, Please reach out to Azure Support by clicking on (Help+Support) and creating a technical request to Azure as it may require assisted support.
I'm building a website that integrates Instagram Basic API to show my media posts. So far, I managed to authorize via
https://api.instagram.com/oauth/authorize?client_id=X&redirect_uri=X&scope=user_profile,user_media&response_type=code,
fetch a short-lived access token via https://api.instagram.com/oauth/access_token?client_id=X&client_secret=X&grant_type=X&redirect_uri=X&code=AUTH_CODE_RECEIEVED,
fetch a long-lived access token (as per the response I receive) via https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=X&access_token=SHORT_TOKEN_RECEIEVED,
and lastly, show my media posts via https://graph.instagram.com/me/media?fields=id,caption,media_type,media_url&access_token=LONG_TOKEN_RECEIEVED.
However, the problem I am currently facing is that the obtained long-lived access token - which is meant to be valid for 60 days? - is expiring per hour or so. Meaning, on client-side, when I'm requesting the server to fetch media posts, using the token, the response returns with expired token exception.
I tried to use FB Access Token Debug Tool to check the token validity, and it shows that the token does indeed expire in about an hour. Why is this happening? I checked the response I'm getting from the long-lived token API, and it's a success with the token, grant_type, and expires_in fields.
Below is the screenshot of the debugger result.
.
What I'm trying to accomplish is rather straight-forward. Generate a long-lived access token that "should" be valid for 60-days use on server side. Then, I'll have to automate the token-refresh process afterwards. Any suggestions to the above issue?
Thanks in advance.
Regards,
Moh. Bokhari
The difficult part is getting a short-lived access token first; I found this useful page which explains step-by-step with screenshots on how to get a short-lived access token.
The link to the website
Currently I try to implement user authorization into an iOS app. Therefore we use Active Directory B2C.
Everything works fine, except the refreshing of my expired tokens. I call the request url (fabrikamb2c.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_sign_in) to get an access_token and a refresh_token. The response seems to be valid and the access_token works very well as long as it's not expired.
But if I want to get a new token (like it is described here: OAuth 2.0 authorization code flow; see chapter 4) the request just gets responded with a 400: Bad Request.
I can't find out, what I am doing wrong. Do you guys now a way, how to debug these requests or have some kind of checklist what needs to get configured within the Azure portal?
Thanks!
Edit: this is the request I am using:
POST /xxx.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_local-account-signupin HTTP/1.1
HOST: login.microsoftonline.com
content-type: application/x-www-form-urlencoded
content-length: 1148
client_id=xxx&refresh_token=xxx&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Thanks everyone for trying to solve my problem! It came out, that the refresh_token I was using was invalid. So if you are sure, that the request is correct, and you get just a Bad Request response, check the parameters one more time.
I believe you need to specify a value for the scope parameter. The scope parameter is used to inform B2C which resource you are requesting a token for. At this time you'll most likely want to use scope=<client_id> or scope=openid.
I am using drive.files.insert method from https://github.com/google/google-api-nodejs-client and it worked properly but I don't know how can I refresh the token and also where can I get the refresh token.
Meanwhile, I am taking the token from https://developers.google.com/oauthplayground/ and with that token I am able to upload the files but as the access token valid only for 1 hour so I won't be able to upload the files after 1 hour and I won't know how to do that after 1 hour as I am unable to write get and post method. I saw from some sites, they are using gapi.client for authentication and then they uploading to drive but even it won't work.
I hope I am able to explain my question well.
Suggestions are always welcomed and thanks for the help in advance
It's all correct. Google always give you a token with 1 hour lifetime, you will not get any longer, but it's not an issue. Read a doc (from the library you pasted here carefully). It says:
You can start using OAuth2 to authorize and authenticate your requests
to Google APIs with the retrieved tokens. If you provide a
refresh_token and the access_token has expired, the access_token will
be automatically refreshed and the request is replayed.
So if the access_token will be automatically refreshed there is no problem. You can always manually refresh your access token using refresh_token (you always get a pair access_token + refresh_token) but I don't think you need it. It's how Oauth2 works.