I am using drive.files.insert method from https://github.com/google/google-api-nodejs-client and it worked properly but I don't know how can I refresh the token and also where can I get the refresh token.
Meanwhile, I am taking the token from https://developers.google.com/oauthplayground/ and with that token I am able to upload the files but as the access token valid only for 1 hour so I won't be able to upload the files after 1 hour and I won't know how to do that after 1 hour as I am unable to write get and post method. I saw from some sites, they are using gapi.client for authentication and then they uploading to drive but even it won't work.
I hope I am able to explain my question well.
Suggestions are always welcomed and thanks for the help in advance
It's all correct. Google always give you a token with 1 hour lifetime, you will not get any longer, but it's not an issue. Read a doc (from the library you pasted here carefully). It says:
You can start using OAuth2 to authorize and authenticate your requests
to Google APIs with the retrieved tokens. If you provide a
refresh_token and the access_token has expired, the access_token will
be automatically refreshed and the request is replayed.
So if the access_token will be automatically refreshed there is no problem. You can always manually refresh your access token using refresh_token (you always get a pair access_token + refresh_token) but I don't think you need it. It's how Oauth2 works.
Related
I have created an appian Connected System for DocuSign authentication with Authenticate Code Grant. I am able to authenticate & hit APIs successfully. But the issue is my token gets expired every 8 hours, then I have to go and authenticate from Connected System file again.
Please help me understand how can I refresh my token when its expired/about to expire.
I can explain how refresh tokens are used to generate a new access token.
However, this may not be possible with Appian, I am not sure about that, because I'm not sure about how Appian works.
First, you have to store the refresh_token you got when you used Auth Code Grant to get the original access_token that expired. That token can used to get another access_token later.
To get a new access token, use the refresh_token as you would an authorization code, but with a grant_type value of refresh_token and a refresh_token parameter that holds the contents of the refresh_token.
Read more in this Developer Center page
I'm building a website that integrates Instagram Basic API to show my media posts. So far, I managed to authorize via
https://api.instagram.com/oauth/authorize?client_id=X&redirect_uri=X&scope=user_profile,user_media&response_type=code,
fetch a short-lived access token via https://api.instagram.com/oauth/access_token?client_id=X&client_secret=X&grant_type=X&redirect_uri=X&code=AUTH_CODE_RECEIEVED,
fetch a long-lived access token (as per the response I receive) via https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=X&access_token=SHORT_TOKEN_RECEIEVED,
and lastly, show my media posts via https://graph.instagram.com/me/media?fields=id,caption,media_type,media_url&access_token=LONG_TOKEN_RECEIEVED.
However, the problem I am currently facing is that the obtained long-lived access token - which is meant to be valid for 60 days? - is expiring per hour or so. Meaning, on client-side, when I'm requesting the server to fetch media posts, using the token, the response returns with expired token exception.
I tried to use FB Access Token Debug Tool to check the token validity, and it shows that the token does indeed expire in about an hour. Why is this happening? I checked the response I'm getting from the long-lived token API, and it's a success with the token, grant_type, and expires_in fields.
Below is the screenshot of the debugger result.
.
What I'm trying to accomplish is rather straight-forward. Generate a long-lived access token that "should" be valid for 60-days use on server side. Then, I'll have to automate the token-refresh process afterwards. Any suggestions to the above issue?
Thanks in advance.
Regards,
Moh. Bokhari
The difficult part is getting a short-lived access token first; I found this useful page which explains step-by-step with screenshots on how to get a short-lived access token.
The link to the website
On my localhost, I have authenticated my user and goten a Refresh Token and Access Token using Passportjs.
I am using Google's Official Node.js library to get the Google Analytics data and it all seems to work fine.
On this GitHub issue, Justin clearly mentions that the expiry is set by Google's APIs.
How long is the refresh_token valid and at what time do i have to authorize myself again?
This is more of an Oauth2 question then a Google Analytics question.
Access tokens on google servers are good for one hour.
The refresh token does not expire and you can use it as many times as you want to request a new access token.
You should still handle invalid refresh tokens in your code. The user can revoke your access via there Google account. You can have max 50 out standing refresh tokens before the first one starts working. If i authenticate your application you will be given a refresh token if i do it again you get another refresh token there can be max 50 of them outstanding.
If the refresh token does become invalid you should just request authentication from your user again. The library you are using should be handling refreshing the access token for you.
We are using Azure AD authentication with a bootstrap MVC site.
Everything is fine and dandy - except we have an issue with the token timeout.
I have read multiple articles about the token lasting 1 hour before re-authenticating against Microsoft.
Our problem comes up when posting data.
Efter we enter a page with a post form on it - and this hours expires when on the page - the post data gets lost when posting the data. Everything points in the direction of the problem occurring when the site goes to get a fresh 1-hour token.
Has anyone here had experience with this or have any idea of how to get around this problem?
Not sure if this is the right way of doing things, but this is how we're handling this situation.
Basically when a user authenticates against Azure AD, you get 3 things back - Access Token (which expires after 60 minutes), Refresh Token and Token Expiry. What we do in our application is cache these three items.
Whenever we perform something that requires Access Token, we first check if the token has expired or not (by comparing the server date/time with the token expiry). If the token is not expired, we simply use that access token. However if the token is expired, we fetch new tokens using refresh token (fetching new tokens using refresh token will again return Access Token, Refresh Token and Token Expiry which we cache again in our application).
I have an app, that pulls data from my Instagram account.
I authorized this app once, and got access token. But I'm worried,
what if this token expires? Should I authorized the app each time the
token expires?
Can I receive another access token from the auth code?
If no, what can I do to have my app always pulling data from account
without my participation?
Thanks.
But I'm worried, what if this token expires?
AFAIK, Instagram accesstokens don't expire currently.
Note: From Instagram documents.
Note that we do not include an expiry time. Our access_tokens have no explicit expiry, though your app should handle the case that either the user revokes access or we expire the token after some period of time. In this case, your response’s meta will contain an “error_type=OAuthAccessTokenError”. In other words: do do not assume your access_token is valid forever.
Should I authorize the app each time the token expires?
At the moment, you do not need to do that, as token does not expire. As and when the token expires in future, a corresponding warning or error code and message will be sent to you, which you need to handle.
what can I do to have my app always pulling data from account without
my participation?
You can try following:
Use sharedpreference to store the accesstoken.
First time when you try to fetch data that needs accesstoken(Authenticated requests), first check in the sharedpreference whether the accesstoken is stored or not.
if yes then you don't need to login, just use that accesstoken. If you don't have the accesstoken in preference then do the login using instagram credentials, get the accesstoken and then share it in shared preference and use that for subsequent requests.
You can provide instagram logout option in which you just need to clear the accesstoken from sharedprefernce.
Hope this is helpful to you.
Update - This no longer works as mentioned in the comments
While not well documented, It's worth pointing out that retrieving a feed of posts does not require an accessToken.
https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
can also be called passing just your client_id
https://api.instagram.com/v1/users/{user-id}/media/recent/?client_id=CLIENT_ID
This isn't made clear in their documentation though.
https://instagram.com/developer/endpoints/users/
The Instagram access token expires at arbitrary times.
Twice in the in the last 7 months from my experience.
I did not find any way to regenerate the token without my participation, the only valid solution IMHO is to avoid the official API and use something like:
https://stackoverflow.com/a/33783840/
For the last 3 week, I have created new token multiple time and its expire after 2 days, but I also notice that some token didn't expired which were created before 3 years. Also, Instagram docs say the token can expire any time in the near future.
There is a hack at this moment to show the user's last post just append URL with `/?__a=1''
after user name such as
https://www.instagram.com/vaseem.ishak/?__a=1
you will get user last post with image text, no of comment like etc.just dig little the return JSON