6

We have an application that makes use of OAuth in SharePoint 2013. The application stores the access token for a user and makes use of the refresh token to request a new access token whenever it expires.

This flow works perfectly.

However, refresh tokens expires at some point too - It's valid for 6 months in SP2013 from what I understand. I would like to test the application to see how it handles the situation where the refresh token expires.

What is the best way to force an expiration of the refresh token in SharePoint? Forwarding the system date has a lot of negative effects on the entire system, so it doesn't seem to be a viable solution.

All I can find is how to use a refresh token to request a new access token... There is one thread though that has a way to force such a scenario in Salesforce by revoking the refresh token from the user's profile, but I can't find anything similar in SP2013.

Any ideas would be really appreciated

I've found that you can revoke an App's permissions completely by deleting the permissions for the app under Site Settings -> Site Collection Administration -> Site Collection App Permissions... however I don't think it simulates the case where the refresh token is expired.

user3337134
  • 61
  • 3
  • If you can configure the refresh_token lifetime I'd suggest setting it to a very low value like 1 minute or second and then wait a little longer then the timeout, so the next time you use it it will for sure be expired. – thr0wable Oct 06 '15 at 14:30

0 Answers0