Questions tagged [access-token]

Access Token is the last token acquired during the OAuth authentication process.

4002 questions
23 votes, 2 answers

AngularJS - Handling refresh token?

I'm building a SPA with AngularJS with communication to a service (JAVA). When user sends his username/pass, service sends back both: Access token and Refresh token. I'm trying to handle: if I get response with status 401, send back refresh token and…
22 votes, 7 answers

How to secure a refresh token?

I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but save it on the back-end with their account so it's…
Abdul Ahmad
22 votes, 2 answers

Auth0 impersonation deprecated.. What should I use instead?

On our website, administrators should be able to view the website as the user (client). I planned on using Auth0 for this, and just noticed their impersonation feature is deprecated. I could force some login flag in Redux to allow the admin to view…
Greg Miller
22 votes, 3 answers

Implementing a RESTful API Authentication using tokens (Yii/Yii2)

I am building an API in Yii 1.x which will be used with a mobile application. Part of the process involves a login (with a username and password) using the following JSON request below:- // Request sent with username & password { "request" : { …
Zabs
21 votes, 4 answers

Facebook app (NOT user) access token expiration

Do Facebook APP access tokens expire? These tokens are different than the USER tokens; they are acquired like this: https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={0}&client_secret={1}) as described in the App…
eugen
21 votes, 3 answers

How to specify audience for an OAuth2 access token?

I am confused that there seems to be no standard way to specify the audience for an access token when sending an authorization request to an authorization server. OAuth2 specifies access tokens as opaque strings; there is only one mention of…
Free Willaert
21 votes, 4 answers

Spring Boot: Full authentication is required to access this resource

I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting {"error":"unauthorized","error_description":"Full…
deen
21 votes, 2 answers

How to get access token? (Reddit API)

I wonder if it is possible to get a permanent access token for personal use on Reddit? It will only be me using the App. For users, the access token expires after an hour. By using the below information that I have about my client-id and secret, I…
Andreas
21 votes, 2 answers

What are the steps to implement Spring's Token Store as a MySQL file?

I have an application that currently uses the Spring OAuth 2.0 In Memory Token Store. I need to convert the Spring Security OAuth 2.0 JAR to use a persisted file rather than an in memory to ensure the access tokens are valid over server restarts. …
Donald F. Coffin
20 votes, 4 answers

"Calling this from your main thread can lead to deadlock and/or ANRs while getting accesToken" from GoogleAuthUtil(Google Plus integration in Android)

In my Android application, I am trying to get AccessToken from GoogleAuthUtil as below: accessToken = GoogleAuthUtil.getToken(this, mPlusClient.getAccountName(), "oauth2:" + SCOPES); But at this line I am getting error as below…
Ponting
19 votes, 6 answers

Keycloak API always returns 401

I'm trying to interact with Keycloak via its REST API. I have the master realm and the default admin user, and a test realm. Firstly, I get an access token for the admin account and test realm: let data = { grant_type : 'password', client_id…
Jayce444
19 votes, 4 answers

OAuth: Storing Access Token and Secret

We have a number of clients that use our API to power their websites. I have started a conversation at work about using OAuth to make authenticated API Calls. We will have both, two and three legged flows. For the 3-legged flow, we still have not…
Onema
19 votes, 2 answers

How to save Token to Local Storage?

I'm working on a login system for an app in school. I can register a user that gets saved to my azure documentDB. I can then, sort of log in with the user. But it (the Token) never gets saved so that I can access the token... The script for the log…
Boba
19 votes, 2 answers

How to store an auth token in an Angular app

I have an Angular application (SPA) that communicates with a REST API server and I'm interested in finding out the best method to store an access token that is returned from an API server so that the Angular client can use it to authenticate future…
19 votes, 2 answers

HTTParty and authorization via token

Somehow HTTParty returns 401 where CURL works fine. Not sure how to pass token in headers. Working (200): curl http://localhost:3020/api/products -H 'Authorization: Token token="111"' Not working…
olimart