I have searched a lot but I can't find the right answer.
I'm working with the Spotify Web API. The access token is only valid for 1 hour. I want to know if it's possible to renew the Spotify access token automatically? And if the answer is yes, how can I do that?
Thanks
Better solution what was find is: Login use Authorization Code Flow
you will receive access_token and refresh_token - and when access_token expired you can get new use refresh_token as describe in '7. Requesting access token from refresh token'
Related
I want to get the Authorization code to generate ACCESS TOKEN and REFRESH TOKEN for my Application. I'm trying to get the job done using POSTMAN. But this seems not working. I'm attaching a screenshot of POSTMAN. Can you tell me what I am doing wrong?
Any useful suggestion or alternative solution is appreciated.
https://www.postman.com/praveendvd-public/workspace/postman-tricks-and-tips/documentation/8296678-5dc51f3f-c7b0-4c66-a457-11af32bb1a63?entity=request-6dda15f2-306b-4915-a585-
use this public collection as an example
It will be easier to do this using settings within the Postman GUI. There is an Authorization tab in which you can specify auth type, configure new tokens, add your client id & secret, etc.
After many tries, I figured it out myself. To Generate the Refresh token and access token the first time, I needed Authorization Code. I thought I need to generate it again and again but it Turns out I needed it only once and when I got the access_token and refresh_token, I can easily generate access_token by using refresh_token.
Here's the corrected API request flow-
Requesting Authorization code
Using Web
Requesting ACCESS TOKEN and REFRESH TOKEN
Regenerating Access Token using refresh token
So I generated access token and access token secret on Twitter
However's every time I make a GET request on Postman I get bad authentication data:
I copy & paste the access token after "Basic" in the Value so I don't know why it's not working?? I would be so grateful if anyone helped!!!
PS I didn't put anything in the authorization tab on Postman. Not sure if that's relevant:
You should be getting GET not POST for statuses/user_timeline as per Twitter API User Timeline
GET statuses/user_timeline
We have an Instagram client id and client secret, and already have gone through the documentation of generating access tokens which requires redirect url.
Note that we also have disabled the implicit OAuth flow.
Now we already have generated the access token using URL below (for authenticated user, it returns the access token appended in the response URL)
https://api.instagram.com/oauth/authorize/?client_id={client_Id}&redirect_uri={redirect_url}&response_type=token&scope=public_content
Can this token be stored in the database / configuration files and re-used for any new Instagram API requests? e.g.
https://api.instagram.com/v1/users/{user_id}/media/recent/?access_token={reusable_access_token}
Based on the official documentation, we understand that the access token can become invalid at any point of time, we would like to know if there are any specific scenarios which leads to invalidation of the access token?
What would be the best way to generate token once and use it for each API request? We definitely do not want users to enter credentials manually to generate tokens.
Unfortunately at that point it's not possible:/ Instagram doesn't provide refreshing access token in the background.
User needs to login with their credentials, so you can obtain new access token. Some kind of workaround (not nice, but it's working) is to watch for error type OAuthAccessTokenException and notify the user via e-mail about such fact. He will have to login once more, so you can get fresh and working access token.
Also, please keep in mind that access tokens has a pretty long life span. It doesn't expire after a day or two, unless Instagram API has some issues (like just now OAuth - unable to exchange code to access token for some users).
Otherwise it works really well.
However it would be super nice if Instagram could add to their API renewal option in the background for access tokens for users that autorised your app, but their token expired:)
According to https://groups.google.com/forum/#!forum/oauth2-dev discussion is now here.
No matter how much reading I do, I can't get my head around how google OAuth2 tokens work. Reading the docs and many other places suggest that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
However, in practice it appears to work as describe by Paul (Unable to refresh token after expiration) that the refresh token expires when the access token expires.
Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.
It also makes the refresh token useless.
If you request access_type=offline when making the initial request to https://accounts.google.com/o/oauth2/auth then you'll get back a refresh token along with the access token. This is documented here.
The refresh token does not expire, until the user explicitly revokes access to it from the Account -> Security -> "Connected applications and sites" page.
The other post you linked to seems to be related to SoundCloud, which presumably does things a little differently.
I would like to use google fusion tables, for which I need to login first.
I do a http request and get the "auth" token as response.
But now I stuck and don't know how to use this token?
I could neither find any google docs on this nor this thread helped: Google Auth using Token
Because adding the auth token to the url does not work.
You use the authorization code to get an access_token.
This has useful information:
https://developers.google.com/usiontables/docs/articles/oauthfusiontables
You then send the access_token with your sql query.