WSO2 API Manager Client Credentials renew token

Question

I am trying to renew the token generated through API Manager.

The curl statement for generate token is:

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YT
o2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh , Content-Type: application/x-www-form-urlencoded" https://10.108.106.214:8250/token

The response is

"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"

Based on the documentation it is supposed to generate a retoken which is not being genarated. What am I missing?

Also when I pass the grant_type as refresh_token. I get a invalid grant error.

curl -X POST -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh"  -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&refresh_token=6d1d0f8afbd147d24bcd42bbc5361a1' 'https://10.108.106.214:8250/token'

I am referring to the documentation in the URL https://docs.wso2.com/display/AM191/Token+API#TokenAPI-RenewingaccesstokensRenewing

So what am I missing?

score 3 · Accepted Answer · edited Oct 07 '21 at 07:13

3

According to the OAuth 2.0 Authorization Protocol specification, grant_type client_credentials should not issue refresh token.

4.4.3. Access Token Response

If the access token request is valid and authorized, the authorization server issues an access token as described in Section 5.1. A refresh token SHOULD NOT be included.

You have to use Password Grant Type

Request :

curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic bkxidjNPTnYxQ25iTXBRY2E3V3hPajdaMUVZYTpuTUQzX0tKQkhGRmxFUUlXdllmSjdTUFlleThh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

Response :

{"scope":"default","token_type":"bearer","expires_in":3247,"refresh_token":"91729a78a96b58d80d869f3ec2ce8b8","access_token":"ec54b39dd9503c9f65df84b67ea586"}

Use the refresh_token to Renewing access tokens

edited Oct 07 '21 at 07:13

Community

1
1

answered Oct 29 '15 at 06:04

Abimaran Kugathasan

31,165
11
75
105

1

Thanks, that explains it. – Surya Oct 29 '15 at 18:38
How we can create Java code through HttpClient or Resttemplates? Could you please help? Or How to use POstman or RestTemplates Thanks, Neha – Jan 06 '16 at 17:30
java client for what purpose? – Abimaran Kugathasan May 27 '16 at 06:24

score 0 · Answer 2 · answered Jul 31 '19 at 12:00

If i am not mistaken, in the response you have received.

"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"

This is the new access token.

access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"

Take note of the current token, then run the curl command again. The response should be a different token.

WSO2 API Manager Client Credentials renew token

2 Answers2