I have a PHP application usign LinkedIn API to show my company updates.
I know that the Access token has a duration of 60 days. And to refresh it I need to are connected to linkeIn and have a current Access token with less than 60 days old.
But my question is, in my application, users don't log in it, I use my own account to get the first access token and call API method with my Access Token.
How can I refresh my own access token to my web application works more than 60 days without get a new token manually? If I don't do anything but my app is still calling the API, the access token will be refreshed automatically?
Thanks a lot!
I am not sure but I think you have to manually login and update the 60 days token.
I have build a similar c#.net app where I save the token and exp.date in a file. I then cache the file for ever.
I cache the result from API for 5min. When cache expires and I make a new request to the API I also check the exp. date of the token.
When it is less then 3 days I send an email to admin to update the token by login in through my special login window where I save the 60 days access token.
LinkedIn's OAuth 2.0 documentation covers how to refresh your access tokens: https://developer.linkedin.com/docs/oauth2#refresh
Note that there is a requirement that the user is logged into linkedin.com in order to refresh their token - so if your app has no user interaction when you attempt to do the refresh, it won't work and the tokens will be expired by LinkedIn.
Related
I'm kinda confused using Google API
I've a FORM on my website for booking events on my public calendar. Whenever a user books an event, I make a call to get an Access Token (using Client ID & Secret and Refresh Token), but using the same Refresh Token that I generated initially. For every new Access Token, I'm using the same Refresh Token. It's all working fine. But I don't understand the flow.
Do I need to generate a new Refresh Token on every call? What are some limitations of not doing so? Can I keep on generating Access Token with the same Refresh Token indefinitely? Thanks!
Refresh tokens are long lived they can expire if the user who's account was used to create it removes access. If its not used in the last six months google will also expire the refresh token. Here is one that is a bit tricky if you use the client id to request access of the user you get a refresh token if you do it again you get another refresh toke technically both refresh tokens work you can do this up to 50 times on the 51's time the first one will be expired. You can use a refresh token as many times as you want to get a new access token.
My question for you is who's google calendar are you writing to the users or some default one on your website? If this is a central Google calendar that you are writhing to then you should consider using a service account rather than Oauth2. I have an article on how service accounts are used if you are interested. Google Developer service accounts
Let me explain the title :
I have a PHP API using OAuth2 authentication.
I have a NodeJS application,using this API via Password Grant. In session, the node stores access token and refresh token per user.
I have no trouble renewing the access_token with the refresh_token, when the user is requesting the node or via a front end demon, asking node to refresh regularly.
My question is :
I would like to keep my access_token short lived as I heard it was a further security (3600 sec or so), but I would like to allow the user to come back a few days later and still be authenticated, or at least avoiding asking him password login once more. Am I forced to make the access token lifetime longer ?
Does the Node Server need to refresh the user's token even if he's not requesting anything ?
Thank you in advance
In many common OAuth2 implementations refresh tokens are valid for a long time (much longer than the access token) or do not expire at all. You need to store this refresh token linked to your node session (For instance in DB). Then, when the user is coming back, just retrieve a new access token using the related refresh token.
According to http://blog.cloud-elements.com/oauth-2-0-access-refresh-token-guide:
Box
Access token: 1 hour
Refresh token: 60 days (resets 60 days when retrieving new access token)
Dropbox
Access token: Forever
Refresh token: N/A
Google DriveGoogle Drive OAuth
Access token: 1 hour, from my experience, but it seems this can vary depending on the Google API (expires_in field is returned in JSON)
Refresh token: Forever
OneDrive
Access token: 1 hour
Refresh token: 6 months (Get a new one every time you call refresh)
SharePoint
Access token: 1 hour
Refresh token: 6 months (Get a new one every time you call refresh)
A refresh token can not expire or can have a very long time expiration.
I'm trying to make aplication which get the posts of facebook page. I did everything and it is working fine but I have problem wih access token. I've tried some SO answers about making FB APP but it didn't worked for me. I got to point when my token expired then refreshed page but the page asked me to verify access. But I cannot have it like this, because it doesnt serve the purposse.
Now I'm taking the content from this url with file_get_contents("https://graph.facebook.com/soecz/posts?access_token=CAACEdEose0cBAJrnTKwdTdaloBgShsNSIkJjspgQocumZB4CV4mZACpAo3xj57gYcVYYYeHDBxi2ltNCT7SZB0Yl51PBQCrInIKstadeRR5OidYG8pibAAUHIiC51QUxgfTgFMY4DLUlglda7YiaP5yQiYbRftxwipRK5MZBVyzags0eReHx");
But after 2 hrs the token expires and I got oath error. Do you ahve any solutions ? I will sue it to get the posts from page. I do not want to edit / post anything with this. Just get the posts and write them. Also I do not want to rediret users when the token expires. Thanks for solutions
See scenario 5 of https://developers.facebook.com/roadmap/offline-access-removal/. By extending the 2 hour (short lived) token for a 2 month (long lived) token you can query for the page token after which will not expire.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
So you will only need to "verify" once as a user then you can save the page access token after that.
I'm going to be writing a Facebook Graph script/application that will run as a cron. I tried to do this before, but it said that the access token expired. I tried using getAccessToken(), but it told me that a valid access token had to be used to request information about the current user. How can I automatically renew my access token so my cron job won't break?
The normal access token expires in 2 hours, and the extended token lasts for 2 months.
For the extended token guide, go though this: How to extend access token validity since offline_access deprecation
Now, the best thing you can do is to update regularly this extended token of the user when he log-in the app/website. So, you can use this token in your cron job. This will fail only when the user didn't visit your app for 2 months.
Did you verify expiry of your access token at below link?
https://developers.facebook.com/tools/debug
Moreover, you can get detailed answer by visiting similar question:
How to renew/extend facebook access tokens with PHP?
I am working on a simple Facebook App that will allow me to post from my client's website to my client's Facebook Fan Page.
Right now I set the access token with $facebook->setAccessToken( EXTENDED_ACCESS_TOKEN_IN_DB ); after creating my application instance with the PHP SDK. I am using the 60 day long-lived extended access tokens so the client does not have to login to Facebook each time they want to post to the Fan Page.
At some point, the access token will become invalid for any number of reasons.
Under ideal circumstances this would be once every 60 days. At the same time it would be nice if we could continue to publish to the Fan Page from the website through the app until the day arrives that the user de-authorizes the app.
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
No. That’s the whole point of deprecating offline_access – that apps can’t go on “forever” doing stuff in the user’s name.
Maybe you want to get a page access token instead of a user access token? The former ones don’t have a default expiry date.