Update Google's access_token

1. User logged in via Google account.
2. I want to issue custom request to Google using access_token from user's identity.
3. It works fine some time after logging in, but later Google says, that access_token is expired.
4. I want to refresh access token by PUT https://myapp.api.oneall.com/identities/xxx/synchronize.json. It returns HTTP 400 and message "The provider did not accept the stored access_token, it is either invalid or expired. Please ask the user to re-login."
My question: what is wrong? How to update connection info (access_token actually) of Google identity or any other social network in roght way?

Best Answer

  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    edited March 2016 Answer ✓
    Hi Alexander,

    The refresh_token is only provided on the first authorization from the user. Subsequent authorizations will not return the refresh_token again.

    Could it be that you have removed the identity during your tests? This would then also have removed the refresh token and it would not be retrieved on subsequent logins.

    What you can do for your tests is:

    * Go to your Google account security settings: https://www.google.com/settings/u/1/security.
    * Click the edit button next to "Authorizing applications and sites".
    * Then click "Revoke Access" next to your app.
    * The next request you make will return a refresh_token.

    Regards,

Answers

  • Hi,

    In the request to the synchronize endpoint, did you add try to include some POST data?
    To set "update_user_data" to false and "force_token_update" to true, for example.

    Regards.
  • Hi Fred,
    yes, I tried any combination of true/false with update_user_data and force_token_update. Answer is the same.
  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    Hello,

    could you please post the identity_token that you are using?

    Regards,
  • Hi,

    The API response includes a refresh token. You can use this to refresh the access token.
    The Oneall synchronize endpoint does this, and basic testing shows it currently working.

    So, odd, but we'll be looking into it some more though.

    Regards
  • Hi all, it's me but from another account. Sorry for late answer.
    Claude_Schlesser, my identity token is d513d59a-c6a7-455f-b454-adb5c7ae63bc. It was created yesterday and worked fine. Today it doesn't work.
    GET request to https://truststamp.api.oneall.com/identities/d513d59a-c6a7-455f-b454-adb5c7ae63bc.json
    gives 200 answer with:
    ... "access_token": { "key": "ya29.sAL9cZgrQQmdndfeNiJFtZODK-re-ukU9lUvYu5estJtVcslTBq2MpBxMRplYucaUm0", "date_expiration": "03/25/2016 15:44:47" } ...
    So, access_token is expired.
    PUT request to https://truststamp.api.oneall.com/identities/d513d59a-c6a7-455f-b454-adb5c7ae63bc/synchronize.json with any combination of update_user_data and force_token_update gives me:
    ... "status": { "flag": "error", "code": 400, "info": "The provider did not accept the stored access_token, it is either invalid or expired. Please ask the user to re-login." } ...

    Fred_Pinel, which request gives me refresh token? I didn't found it.
  • Hi,
    The identity endpoint (the GET request to https://truststamp.api.oneall.com/identities/d513d59a-c6a7-455f-b454-adb5c7ae63bc.json) should return the refresh token, in addition to the access token (right after it actually).
    Do you see it?

    Regards
  • That token has gone.
    Currently, I have
    https://truststamp.api.oneall.com/identities/494c0a17-f80d-49e1-87b2-ef7587f26230.json
    GET request to this URL returns no refresh token near access_token or anywhere in the response:
    "response": { "request": { "date": "Wed, 30 Mar 2016 10:35:09 +0200", "resource": "/identities/494c0a17-f80d-49e1-87b2-ef7587f26230.json", "status": { "flag": "success", "code": 200, "info": "Your request has been processed successfully" } }, "result": { "data": { "identity": { "user_token": "a02e6dfe-f3a5-40d1-b099-fd0bdd793d35", "identity_token": "494c0a17-f80d-49e1-87b2-ef7587f26230", "date_creation": "Wed, 30 Mar 2016 09:04:26 +0200", "date_last_update": "Wed, 30 Mar 2016 09:04:26 +0200", "provider": "google", "provider_identity_uid": "xxxxxxxxxxxxxxxxxxxxxxx", "source": { "name": "Google", "key": "google", "access_token": { "key": "ya29.tQKWxxxxxxxxxxxxxxxxxxxxxxx", "date_expiration": "03/30/2016 10:04:25" } }, ...
  • Looks like it helps. I reconnected app and now identity has refresh_token. I can use /synchronize for updating access_token.
    Thanks a lot!
  • Good.

    For our information, did you delete the identity of the user before?

    Thanks.
  • Yes, I deleted identity and (or) user.
  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    Thank you for the update. We are now working on this issue. We will cache the refresh token so that we don't loose it when you delete/recreate the identity.
  • Hello Claude,
    are you have any update for this issue?
This discussion has been closed.

Welcome!

Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.