Topic
6 replies Latest Post - ‏2014-06-13T07:10:40Z by Arindam Guha
Arindam Guha
Arindam Guha
10 Posts
ACCEPTED ANSWER

Pinned topic Refresh Token in 2-legged OAuth

‏2014-06-05T04:33:50Z |

Hi,

We are implementing 2-legged OAuth. I have below questions:

 

1. How can we get the refresh token along with access token in 2-legged Oauth implementation?[except "resource owner credential" as I have already used it]

 

2. After getting the refresh token, how can we use it to get access tokens without using any username/password in our request? What are all parameters mandatory for using the refresh token?

 

Please let me know if anyone implements it before.

 

Thanks,

Arindam

  • Arindam Guha
    Arindam Guha
    10 Posts
    ACCEPTED ANSWER

    Re: Refresh Token in 2-legged OAuth

    ‏2014-06-06T03:53:31Z  in response to Arindam Guha

    Hi All,

    Please help me if you have any details.

    Thanks,

    Arindam

    • John_Rasmussen
      John_Rasmussen
      54 Posts
      ACCEPTED ANSWER

      Re: Refresh Token in 2-legged OAuth

      ‏2014-06-06T14:03:21Z  in response to Arindam Guha

      Arindam,

      what release of the DP Firmware are you using?

      did you change the Number of Refresh Token Allowed in the OAuth Client Profile?

      what if any error messages are you receiving ?

       

      John

      • Arindam Guha
        Arindam Guha
        10 Posts
        ACCEPTED ANSWER

        Re: Refresh Token in 2-legged OAuth

        ‏2014-06-09T07:47:35Z  in response to John_Rasmussen
        Hi John,
        I am using XI52.6.0.0.1 firmware. Yes, I have changed the refresh token number 0 to 2. I am also getting refresh token along with access token but my question is what are all parameters mandatory for using the refresh token to get the new access tokens?
        Thanks,
        Arindam
        • JatinIBMDW
          JatinIBMDW
          14 Posts
          ACCEPTED ANSWER

          Re: Refresh Token in 2-legged OAuth

          ‏2014-06-09T18:00:54Z  in response to Arindam Guha

          Hi Arindam,

          For an OAuth2 "client credentials" grant type, a refresh token should NOT be included in the access_token response from the authorization server. This behavior is as per the following RFC:

          http://tools.ietf.org/html/rfc6749#section-4.4.3

          Regards,

          Jatin

           

          Updated on 2014-06-09T18:01:12Z at 2014-06-09T18:01:12Z by JatinIBMDW
        • John_Rasmussen
          John_Rasmussen
          54 Posts
          ACCEPTED ANSWER

          Re: Refresh Token in 2-legged OAuth

          ‏2014-06-09T19:44:34Z  in response to Arindam Guha

          Arindam

           resource owner grant type (for 2 legged) supports refresh token

          The use of the refresh token is described here:

          http://tools.ietf.org/html/rfc6749#section-6

           

          John

          • Arindam Guha
            Arindam Guha
            10 Posts
            ACCEPTED ANSWER

            Re: Refresh Token in 2-legged OAuth

            ‏2014-06-13T07:10:40Z  in response to John_Rasmussen

            Hi John,

            I am implementing the same but got this error "{ "error":"invalid_request", "error_description":"Multiple refresh_token in request" }".

            PFB the request

            grant_type=refresh_token&refresh_token=<refresh token>&scope=<scope>

            Could you please help me on this?

            Thanks,

            Arindam