I have created an API in Azure API Management to get data from a backend API. The backend API uses OAuth2 with an access token that expires in 10 minutes. With a returned refresh token you can get a new access token, which is again valid for another 10 minutes. And so on.
In the development portal of Azure APIM it is possible to do the authorization, which gives access for 10 minutes. After 10 minutes you have to do the authorization manually again, in order to get another 10 minutes of access.
Is there a way in Azure APIM to automatically get a new access token, using the refresh token?
My goal is that the user does the authorization once manually in the development portal and after that the access token has to be refreshed automatically.
Only manually, through a send-request policy. You could also use caching policies to keep the token in cache and not fetch a new one for every request.
I am setting up my Google OAuth 2.0 client credentials, but they expire in 2-3 weeks. Can anyone tell me where we can set the expiration date of credentials in the Google developer console portal?
The credentials are for a desktop app.
I have tried exploring all the details in the Google console but cannot find an option for setting an expiration date.
The primary thing with OAuth that makes it secure is the fact that tokens expire.
An access token for example will expire after an hour so if anyone gets it they can only cause damage for a limited amount of time.
Refresh tokens can be used to request a new access token when the access token expires.
Refresh tokens can expire for a number of reasons:
Your app is in the testing phase and therefore the refresh token will expire after an hour.
You're using a Gmail scope and the user changes their password.
The user authorizes your application once, you get a refresh token; they authorize it again and you get a second refresh token. This can continue with up to 50 outstanding refresh tokens; after that the first one will expire. Always remember to store the latest refresh token.
There is no way to extend the life of any of the tokens; this is configured by Google in their authorization server.
I am using the access token to play my private videos in my Android app and for that, I created an access token.
But it says,
The OAuth Playground will automatically revoke refresh tokens after 24h. You can avoid this by specifying your own application OAuth credentials using the Configuration panel
I tried to add my own client secrets and ID and after creating a new token, it still displays the same NOTE.
How can I create a permanent access token that will not expire?
I tried to change the available parameters like Access Type Online, Offline, and it still shows the same NOTE.
Google APIs generally do not let you get a permanent access token.
Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
Generate an offline refresh token to use and get a short-lived access token.
This is part of the OAuth2 standard.
The Google API expiration time is 1 hour. The problem is that I'm using the API in order to allow users to use Admin SDK features (list groups, add members to a group, etc.).
No one can do any of that in one hour, that would require users to login to their accounts multiple times per day to manage their groups. A 1 hour expiration date is good if you just want to use Google to authenticate users.
How can I increase that, or is there any workaround? Am I missing something?
Due to security reasons, you cannot change the duration of the access token's expiry. However, you can refresh an access token without prompting the user for permission if you requested offline access to the scopes associated with the token.
If you use a Google API Client Library, the client object refreshes the access token as needed as long as you configure that object for offline access.
If you are not using a client library, you need to set the access_type HTTP query parameter to offline when redirecting the user to Google's OAuth 2.0 server. In that case, Google's authorization server returns a refresh token when you exchange an authorization code for an access token. Then, if the access token expires (or at any other time), you can use a refresh token to obtain a new access token.
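The refresh flow described in the answer above, which is also the cache-then-refresh approach suggested for API Management earlier on this page, as an added Python example that is not part of the original answers. The post_form transport, the class and function names and the sample values are assumptions; in real use post_form would POST the form to the provider's token endpoint and return the parsed JSON reply.

```python
import time
import urllib.parse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # Google's OAuth 2.0 server

def build_auth_url(client_id, redirect_uri, scope, state):
    """Authorization redirect that asks for a refresh token (access_type=offline)."""
    query = urllib.parse.urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": scope,
        "access_type": "offline", "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}"

class TokenCache:
    """Keeps one access token and renews it with the refresh token before expiry."""

    def __init__(self, post_form, client_id, client_secret, refresh_token,
                 skew=60, clock=time.time):
        self._post = post_form          # hypothetical transport: callable(dict) -> dict
        self._client_id = client_id
        self._client_secret = client_secret
        self.refresh_token = refresh_token
        self._skew = skew               # renew this many seconds before expiry
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0

    def get(self):
        if self._access_token and self._clock() < self._expires_at - self._skew:
            return self._access_token   # cached token is still valid
        reply = self._post({            # refresh grant, RFC 6749 section 6
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self._client_id,
            "client_secret": self._client_secret,
        })
        if "access_token" not in reply:
            # e.g. {"error": "invalid_grant"}: the refresh token was revoked or expired,
            # so the user has to authorize again
            raise PermissionError(reply.get("error", "token refresh failed"))
        self._access_token = reply["access_token"]
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        # If the server returns a new refresh token, store the latest one.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        return self._access_token
```

The refresh token and client secret are long-lived credentials, so persist them in a secret store rather than in application logs or source control.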
I am using the OAuth capability in Azure Bot service to access the Microsoft Graph.
I have the need to communicate with the SharePoint Online REST endpoint. Typically, I would request and cache a refresh token from AAD, then use that refresh token to acquire a second access token, specifying the sharepoint.com address as the resource.
When using the OAuth connections in the Azure Bot service, I can get an access token by calling the GetUserToken method of the dialog context. However, I cannot get the refresh token from the bot service.
Q: Is the refresh token exposed as part of the BotBuilder library, or in some other fashion?
You must include the offline_access scope on your OAuth Bot configuration and on the bot's API permission within your Azure bot registration (Go to AAD - Application Registration (Preview) - API Permission).
Otherwise the bot service will not be able to refresh the token when it expires after 60 minutes by default.
For more information on scopes, see here.
Further explanation:
Without the offline_access scope included in the token request, the refresh token is not submitted and only an access token is provided. With the scope included, a refresh token will be provided to the caller, which (in this case the bot service) can use it to acquire a fresh token at any point until the refresh token itself expires.
Hi to all and sorry for my English!
I'm new to Google-API and I need to use a Google Service Account to access Google-API on my PHP server.
I can't use client-php-google-api, so I'd like to call google-api by REST.
Do I need a refresh token? If yes, how can I get a refresh token for a service account?
You will require a service account and an access token (no need for a refresh token in this scenario). To get an access token, you will require a JWT. The JWT has a maximum expiry of 1 hour and you will need to issue a new JWT after its expiry. Please refer to the following guide on getting a JWT/access token and then making API calls:
Using OAuth 2.0 for Server to Server Applications